Being CISO: Part 2

In part one of Being CISO, we looked back at our 2023 interviews with international cybersecurity leaders – to explore the key challenges faced by those working in this space. 

Now we’re taking a more positive view of what it means to be a CISO. Discover why cybersecurity leadership can be exciting, inspiring, and fulfilling – and gain a little motivation to help you as you build your own career in cyber. 

Diverse challenges aren’t easy – but they make for an exciting work environment

The diversity of cybersecurity work means that the role of the CISO is also very varied. The demands are changing all the time – and while this means your work is never done, it also means that cyber never gets boring. 

Matthias Muhlert (ECSO CISO Ambassador, and CISO at Haribo) said:

“One of the most enthralling aspects of my profession is the diverse range of responsibilities that I undertake. My job allows me to engage with individuals across the entire organisation, collaborate with cutting-edge technologies, travel the world due to work requirements, interact with exceptional intellects, exchange ideas freely (as security is not a competitive subject, and information sharing is often mutually beneficial), keep abreast of emerging trends in technology, and so much more.”

“I reckon that few professions can match the breadth of experiences that my role offers.”

And while Lance James (Founder and CEO at Unit 221b) noted that the comparison culture in cybersecurity can create imposter syndrome, he added that: 

“On the flip side, the process of immersing oneself in the flow and engaging in hacking (in the sense of tinkering or discovering) creates a state of joy and childlike wonder, as it is a constant journey of learning.” 

In other words, if you give yourself permission to not always be the best expert in the room, this sector is full of endless learning opportunities to feed your curiosity and creativity.

In fact, Gary Hayslip (CISO at Softbank Investment Advisers) is a ‘tinkerer’ at Security Tinkerers – a peer group of CISOs, security executives and thought leaders who embrace the practice of tinkering, and support each other as they explore and stretch the boundaries of their work. 

“If you are doing research, having problems trying to fix an issue, or seeking advice for your slide deck before you report to the board,” Hayslip said, ”Tinkerers is where many of us go to talk with a friend to get insight and help if we need it. Even with over 20+ years of experience in IT and Cybersecurity I still occasionally need advice and this group is a good place to get some wide ranging, diverse insight into issues I may be facing as a CISO and a Business Executive.” 

At its best, the cybersecurity community is diverse and collaborative

When we asked Megan Samford (VP and Chief Product Security Officer for Energy Management at Schneider Electric) how she manages the pressure of leading cybersecurity for an organisation in a critical industry, she said: 

“You have to be willing to be unabashedly vulnerable and wrong from time to time – it’s how you learn and it's how you don’t become so fragile you break. Also, like many, I value a good cup of coffee in the morning and a healthy dose of humour.”

“On a serious note, I have a great group of peers in industry that support me and I try to support them. To have friends, you have to be a good friend, and I think the ICS Cybersecurity community is very much like that. If you put in and give to this community, it will give back to you.”

David Cross (CISO at Oracle Cloud SaaS) added: 

“The cybersecurity community is a global one that is very diverse from a business, culture, and organisational perspective.  The challenges and environments are often very different across the world, and as cybersecurity vendors, experts, and community members, we need to understand and embrace all regions holistically.”

“Our community is stronger when we connect, share information, and engage talent in these broader events. Black Hat MEA is an amazing, dynamic, and energetic environment that is one of the most enriching and open forums I have ever participated in my career.”

And Chris Wysopal (Founder and CTO at Veracode) explained why the sector values (and needs) people from all walks of life, with different experiences, interests, and talents. 

“Cybersecurity is a wide tent,” he said, “it needs people who are breakers, like me, but it also needs builders and investigators. It needs these disparate groups of people with different mindsets and skill sets to come together to solve the problem of building a secure digital world.”

And cybersecurity leaders agree that culture is crucial

To an outsider, it might seem that technology and technical processes are the most important aspects of cybersecurity. But inside the sector, leaders understand that human relationships and security culture is just as important as tech. 

Michael Montoya (CISO at Equinix) said, quite simply, “CULTURE, CULTURE, CULTURE.” 

“The statement that culture eats strategy for breakfast remains tested and true. Technical controls will always be important and required. My perspective on the importance of building a culture of security needs to be essential for any security strategy.” 

Zechariah Akinpelu (CISO at Unity Bank) agreed – noting that one thing he wishes everyone knew about cybersecurity is that security is everybody’s responsibility. ”I believe so much that if we all embrace the idea that cybersecurity is everybody’s responsibility, individuals can proactively contribute to a safer digital environment for themselves, their communities, and organisations.” 

And Lance James said, “In my humble opinion, relationships play a crucial role in anything involving logistical flow and coordination. What I mean by this is that the root cause of security problems does not primarily lie with computers, but with people. Computers are merely tools that carry out their designated tasks efficiently.”

So cybersecurity leaders today have a significant task at hand – but they also have the opportunity to work in a vibrant landscape where relationships and security culture are increasingly valued. This sector is as exciting as it is challenging; and being CISO never means being just one thing.