Harnessing CISO Collective Power
Lone Wolf Or Wolf Pack? Perspectives From A Former CISO/CSO
One of the most valuable, important, and rewarding things I did during my tenure as a CISO/CSO was becoming involved in the CISO community. There are plenty of leaders who choose to go down the CISO path primarily on their own, and perhaps for some, that works. But having an ever-growing pool of peers, industry experts, and professionals who I was able to lean on was invaluable — add in the personal and professional benefits, and this became an important part of my career, satisfaction, and success.
So what does being “involved” actually look like? The good news is that there are a lot of options and flexibility in this regard. It can be as simple as posting on social media or attending webinars, conferences, or local security events. But the more engaged, vocal, and “out there” you are, the better. While simply being present has its inherent value, the real benefits come from being part of the discussion.
I found that, once I started to get involved and more engaged, the more I was formally asked to participate in events. This ranged from being on panels, participating in interviews, leading discussions at keynotes, and even chairing events and organizations.
I also had a great PR firm I worked with, via my former employer, that found great opportunities, as well. This included contributing to articles, interviews, and speaking at events. While this was a great benefit, you most certainly don’t need a PR firm. If you have access to one, however, it’s worth leveraging!
Speaking of public speaking, that is definitely not everyone’s forte, and that’s fine! You can still benefit tremendously just by networking and putting yourself out there. I should also note that it’s not about being an expert or having all the answers. In fact, my approach was always to just share my experiences, whether good, bad, or indifferent. Even if I was the one on the stage presenting, I always learned something. Someone would inevitably ask a question I hadn’t thought of or share something that enhanced or changed my point of view.
The Benefits For CISOs Who “Put Themselves Out There”
- Getting varying opinions and recommendations. Why not learn from those who are doing the same job? Have a product or strategy you’re looking at? Want to know how a peer tackled an issue? Hearing what worked or, sometimes even more importantly, what didn’t work was invaluable and a great complement to formal research and why we drive peer discussions.
- Receiving validation and commiserating with others. Sometimes, just knowing that my peers were dealing with the same issues and challenges was important and would lead to some great discussions on how they were dealing with it.
- Building relationships. If nothing else, building a strong list of contacts, supporters, peers, and friendships is irreplaceable.
- Building your brand. Along the way, you’ll build your reputation and your brand. You never know when you may need to leverage that, and the time to start isn’t when you need it!
- Building your company’s brand. My former employer always looked at my industry involvement as a great benefit to them. It helped drive visibility and, ultimately, sales. I also met many of our customers along the way. Establishing those relationships was great for everyone involved. Can you overdo it? Yep, you sure can … make sure that your management or executive team is aware of what you are doing and supportive. Also, make sure that you are well versed on what you can and cannot say when representing your company, as well as when you need to be clear that you are providing your own opinion and not that of your company.
- Getting help when needed. You never know when you will need some help. Whether that’s advice or looking for that next great step in your journey, being connected gives you a great advantage.
- Combating burnout. CISO and team burnout is a real issue (see Jinan Budge’s excellent research about this topic). I found that attending events provided a well-needed break away from the office, and along the way, I found that I really enjoyed sharing my views, which drove a lot of personal satisfaction, and this can hold true for teams, as well.
- Giving back to the community. There are so many opportunities to speak at events geared toward educating audiences that wouldn’t normally have access to you. The audience is aways engaged and appreciative. Likewise, mentoring and speaking at schools can be another great avenue.
- Improving presentation skills. Another significant benefit is building out your public speaking and presentation skills, which is ever-increasingly important for today’s CISO. Whether that’s executive or board reports, “selling” your budget or strategic plan, or influencing your colleagues and employees, effective communication is critical.
I always said that this job is bigger than any one person, so what’s your path? Lone wolf or wolf pack?
David Levine is a VP and executive partner for Forrester. In this role, David works with Forrester CISO, CSO, and other technology executive clients to help them define and achieve their key security, governance, and business objectives. David provides tailored, actionable advice informed by his experiences, and he works with Forrester’s research, advisory, consulting, events, and data teams to bring the best of Forrester to clients.