Are CISOs valued in the C-suite?
Welcome to the new 134 cyber warriors who joined us last week. đ„ł Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.
Keep up with our weekly newsletters on LinkedIn, Subscribe here.
This week weâre focused onâŠđŁ
How CISOs have to adapt, understand numerous different areas of the organisations they work with, and aim for security efficiency â even if itâs not always glamorous. And because they have so many plates to spin, they need to be integral members of the C-suite table.
OK. Why? đ€
Because during a panel discussion at #BHMEA22, Jon Staniforth (CISO at Royal Mail) said:
âWeâve got to look at the soft side, the business side. Iâve probably saved as much data by changing business processes than I have by actually putting in technology controls. A big part of the role of the CISO is to actually become that business leader.â
And itâs a really important point: sometimes the best security solution isnât a technological one, but a simple change in the way information is exchanged or stored within the organisation.
As any CISO could tell you, this means that being a CISO is definitely not just a technical role. And increasingly, as more businesses rely heavily on digital and cloud for many aspects of their day-to-day operations, the CISO is as important in the leadership team as the CEO or the COO.
A CISO is never doing just one thing đ€
âItâs one of the balancing acts when youâre a CISO,â Staniforth said. âYouâre trying to do the right thing for the organisation, youâre taking direction from the CEO or the chief counsel because theyâre meant to be your executive partners, but youâre often not in that protected layer of extra support in terms of mentoring, extra insurance supportâŠâ
This is really hard â particularly when youâre making decisions that could have a serious impact on the organisation. And especially when youâre asked to sign off on decisions that youâre not completely happy to sign off on.
âIâve had in my own career a couple of challenging moments where I've been asked to do things I wasnât comfortable with,â he added, âand had to try and negotiate my way through that balancing act within that organisation.â And when a CISOâs moral baseline doesnât align with their companyâs decisions, theyâre forced to make a personal decision: to stay or to quit.
A question for the CISOs â do you feel valued and empowered as part of the C-suite in your organisation?Â
1. Yes, definitelyđ vote
2. No â it can be difficult to get my voice heardđ vote
So the CISO needs a more secure seat at the C-suite table
So as the role of the CISO develops within an organisation, itâs important to consider how that role is supported â and to advocate for yourself in order to build the support systems and assurances that you need. If youâre always going it alone, then youâre always at risk of becoming the company scapegoat.
A report by PwC called The CISO in the C-Suite (based on a Harvard Business Review Analytic Services survey, sponsored by PwC) found that organisations are not focusing enough on cybersecurity leadership development, in spite of the fact that cybersecurity is becoming increasingly critical to organisational success.
The CISO needs to be accepted as an integral member of the C-suite team â and treated as such.
As Staniforth put it, âIf you look at the rest of your management team, theyâre already mutually supporting each other â the COO, the CMO, the CEO â and so how do you emulate that behaviour?â
But it canât be a question for CISOs to answer on their own. C-suite leaders across all positions need to acknowledge the pivotal nature of the CISO role, and work to support and empower CISOs so they can work with confidence, and to the best of their ability.
Interested in AI and its various applications throughout different industries? DeepDive is DeepFest's weekly AI newsletter providing tech insights from industry experts. You can subscribe here to receive the newsletter straight to your feed: https://shorturl.at/mrvA5
DeepFest is the most anticipated AI event of the year, co-located with LEAP, and is taking place from 4-7 March 2024.
Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 13 December 2023.
Catch you next week,
Steve Durning
Exhibition Director
Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.
Sign up for more like this.
Join the newsletter to receive the latest updates in your inbox.