September 14, 2017 By Scott Koegler 3 min read

CISOs have a difficult path to success because their area of expertise is highly technical and one that few care to understand on a deep level. The success of today’s IT security leaders depends on their thought leadership and ability to present a continuous flow of understandable and interesting information that informs colleagues without jargon or fear tactics.

The CISO must position him or herself as a thought leader in the eyes of both security employees and the company as a whole. Security professionals looking to cultivate this level of authority should consider the following suggestions.

Define Your Thought Leadership Brand

Personal branding is important for the advancement of your professional career, but it can be tricky because your CISO brand is likely different from your personal social brand.

Each CISO has his or her own work habits, values and communication style. Create a document that identifies the key aspects of your brand and revisit it regularly. You can define these key aspects by answering the following questions:

  • What is your most important underlying philosophy about security?
  • How is your identity different?
  • What does your brand deliver and how do people experience this?
  • Who is the target audience for your services?

Write and Share

The CISO encounters multiple complex decision points during the day, and those decisions have both short- and long-term consequences. As CISOs hone their skills, they learn more than just technology; they also get to observe how their actions affect the enterprise. By creating modes of operation that build on the brands they have established, security leaders can both influence their companies in practical ways and affect subtle changes.

One of the most effective ways to communicate with a wide audience is to write short articles that explain complex and esoteric information in terms everyone can understand. The articles should be informative without using jargon and reference issues that affect the company as a whole. The wide-ranging effects of data security that the CISO understands in great depth lend themselves perfectly to distributing information to the enterprise. As a thought leader, it’s the CISO’s job to present these concerns in constructive ways without causing alarm.

The content the CISO creates should be presented on a continuous basis. That kind of distribution allows for shorter articles that are easy to both write and read. These articles can be delivered through existing company newsletters, the company intranet or another publication that has the company’s backing and support.

Raise Your Voice

Highly technical employees are sometimes known for their reticence toward public speaking, but speaking as an expert at conferences and group meetings is one of the best ways for a CISO to establish a strong voice in the thought leadership sphere. The subject matter for presentations can be drawn from the articles written for internal consumption and modified to address a public audience. As a thought leader, the CISO needs to discuss big-picture issues that connect technology with the brand. In this way, the message and the personal brand reinforce one another.

Connect With Media

Media reporters are always looking for subject matter experts (SMEs) to interview on topics for publication. Many companies employ media relations teams to connect knowledgeable company staff with media outlets for interviews. Check with the public relations team for opportunities. External services such as LinkedIn and Help a Reporter Out (HARO) connect SMEs directly to writers. Be sure to develop an accurate and complete profile on those and other services, and respond to requests quickly to achieve maximum visibility.

Stick With It

CISOs can impact organizational security through technical prowess, but digital protection schemes only go so far. Security leaders have an opportunity to manage their own staffs from the perspective of an influential, highly regarded expert. Thought leadership can extend the reach of the CISO’s knowledge across and beyond the company’s walls, but the effort takes time and dedication. The results can be significant, in terms of both its effect on the company’s security and the CISO’s career.

Listen to the six-part podcast series: A CISO’s Guide to Obtaining Budget

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today