I’m so excited about my latest contribution to our research on “How To Become A Superstar Security Leader” (led by my fabulous colleagues Claire O’Malley and Chris McClean). I often get asked by clients and colleagues I speak with: “What does a modern-day CISO look like? What qualities do great CISOs have?” This can be a somewhat controversial topic for many, as the debate often rages around binary elements (e.g., technical versus nontechnical; charismatic versus dull). And yet there is so much more to it.

When I entered the profession 20 years ago (eek!), most if not all CISOs I knew had a technology background. They attracted like individuals, and technical security skills were the only ones exalted. I clearly remember the day in my very early career when I was asked if I wanted to enter the “hacking” or the “policy” side of security — so binary. Mercifully, those days are over. Security is now a multidisciplinary profession where you can generalize or specialize as much or as little as you choose. We need everybody here! And we need all sorts of skills.

With a skills shortage looming, the change in customer expectations of security, a significant gender diversity issue, and a highly complex technology and business landscape, the requirements for a CISO have changed. Your business and your team need a new breed of security and a superstar CISO. In this new world, top CISOs are ones who are most adept at harmonizing security! This has nothing to do with purist qualities such as a dashing personality, technical skills, or any other single skill; CISO superstardom is about thoughtful tactics.

Our research urges CISOs to be the security leader that their fellow executives want in the room. To do this:

  • Explain why security matters by using stories, tying security to business objectives, and communicating with the board, not just reporting to it.
  • Know your technology touchpoints.
  • Prioritize employee growth potential by investing in raw diverse talent, hiring women, creating a supportive culture, and empowering your team.

It also speaks to the crucial personal skills of a CISO that we don’t often talk about, such as the skills of courage (to take a stand on critical issues) and personal resilience (to keep fighting through the many setbacks that security will encounter).

I’m looking forward to hearing everyone’s thoughts and experiences of what makes a superstar CISO.