March 23, 2017 By Christophe Veltsos 3 min read

“Each person’s behavior toward the other determines whether the relational dimension leads to a conversation that is rich or poor. In other words, what you do will influence what they do: if you confront them, they may confront you; if you try to appease them, they may take advantage of you and then feel aggrieved if you then change tack and become more assertive.” — “Talking the Walk,” a publication of The Partnering Initiative.

Why should chief information security officers (CISOs) consider themselves as digital trust diplomats? It is undeniable that today’s CISOs have to play multiple roles. They must be able to converse about deeply technical and complex issues one minute and translate how all these issues can impact the company’s bottom line the next.

One of the skills that is becoming more necessary for CISOs is diplomacy. However, diplomacy isn’t confined to the simplistic idea of endless meetings, tit-for-tat swaps and complex, multiparty negotiations. CISOs are at the center of a conflict of unprecedented scale and significance. And yet, as digital trust diplomats, CISOs have a lot to offer, and many professionals have a lot to learn.

The CISO as a Digital Trust Diplomat

The currency of the diplomat is trust. CISOs must be tactful in their negotiations and attempts at influencing without authority. They must also be strategic enough to realize that the way forward and upward for the business isn’t just about cybersecurity — it’s also about projecting a sound approach to protecting the data entrusted to the organization. Digital trust is critical to every organization’s future health.

In the digital world, diplomacy and trust go hand in hand. According to a report by Accenture, “Trust is the cornerstone of the digital economy. Without it, digital businesses cannot use and share the data that underpins their operations.” In other words, the CISO, as a diplomat, can help build that trust internally with the C-suite and the board and externally by ensuring the organization deliver on its promises to customers and business partners.

Digital trust can be a differentiator and a competitive edge. A PwC report echoed that sentiment: “We’re in the decade of digital change in which only the fit will survive and thrive. And to be digitally fit, you need to be digitally trusted — by customers, suppliers, in fact by all the stakeholders in your business.” The report further stated that “digital risk and the need to build trust should be treated as an enterprise issue for which boards need to develop a clear risk appetite to suit their specific business circumstances.”

What’s Your Grade Level?

So, how good are you at being a diplomat? The Organisation for Economic Cooperation and Development (OECD) published a Competency Framework that outlined 15 core competencies that are key to helping organizations achieve their objectives. The framework organized those competencies into three groups:

  1. Delivery-related competencies focused on achieving results, such as analytical thinking, achievement focus, drafting skills, flexible thinking, managing resources, and teamwork and team leadership;
  2. Interpersonal competencies focused on building relationships, such as client focus, diplomatic sensitivity, influencing, negotiating and organizational knowledge; and
  3. Strategic competencies focused on planning for the future, such as developing talent, navigating organizational alignment, strategic networking and strategic thinking.

The framework provided different behavioral indicators associated with different job levels, ranging from level 1 for assistants, secretaries and operators to level 5 for heads of division, counselors, deputy directors and directors. It’s a good way for CISOs to evaluate their own competencies and create road maps to improve weak areas.

A TV Show To the Rescue?

The reports and frameworks mentioned above offer useful, if not actionable, information. However, this article came about because of a TV show called “Madam Secretary,” and the parallels between a diplomat’s daily crises and that of a CISO’s.

Starring Téa Leoni as Elizabeth McCord, U.S. Secretary of State, the show explores issues in international — that is to say, traditional — diplomacy, whether it’s a crisis in our backyard or halfway around the world. However, the show also lets viewers in on behind-the-scenes actions, deliberations and negotiations that sometimes result in successful diplomatic resolutions.

While watching the show might not improve your ability to speak a foreign language, there are many situations with strong parallels in the business world, especially from the perspective of a CISO trying to manage a near-continuous stream of crises. Your organization’s success depends on it.

Listen to the podcast series: Take Back Control of Your Cybersecurity now

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today