Want to become a CISO? Start learning these skills now

Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders.

Keep up with our weekly newsletters on LinkedIn — subscribe here and listen to The Black Hat Files here.

Insights and exclusive interviews with the global Black Hat MEA community – in your inbox every week.

This week we’re focused on…

You: the cybersecurity practitioner who’s thinking about becoming a CISO one day. 

Because you might be focusing on the wrong skills. 

Yes, technical depth is important, and of course you have to understand risk. Knowing architecture, operations, detection, governance, and incident response all absolutely helps. 

But according to Trina Ford (CISO at iHeartMedia), the people side of leadership is what ultimately separates strong practitioners from strong CISOs. And that transition catches a lot of future leaders off guard.

We recently interviewed Ford on the podcast, and she shared practical advice for cybersecurity professionals considering the move into leadership – particularly those stepping from technical or operational roles into management for the first time.

The core of her message is that becoming a CISO is not about becoming the smartest person in the room. It’s about helping other people succeed. 

Stop thinking like an individual contributor

One of the hardest adjustments for cybersecurity practitioners moving into leadership is letting go of the idea that your value comes from personally solving every problem.

“We have to make decisions as managers – what type of manager do you want to be?” Ford said.

This sounds obvious, but it really does change everything. Lots of technical professionals build their careers by being the person with the answers. Maybe you’re the person who can jump into an incident; the person who understands the environment better than anyone else.

But leadership works differently. 

“Managers feel [like]... if it’s not their idea it looks like they’re not effective, or they shouldn’t be in their roles,” Ford said. “That’s not how that works.”

Instead, she argues, future CISOs need to learn how to build trust, empower teams, and create environments where people contribute ideas confidently.

“Good managers and good leaders, they take the ideas and they allow their people to go run with it.”

If you’re aiming for a CISO role, that mindset shift needs to happen early.

Learn how to engage people – not just manage tasks

Cybersecurity practitioners often move into leadership without ever being taught how to lead people properly.

Ford’s approach is straightforward and practical – ask questions, make sure people are engaged and feel heard, work hard to create an inclusive environment that enables everyone to share their knowledge and ideas. 

Strong CISOs know how to make teams feel invested in outcomes rather than simply assigned to tickets or projects. 

Ford also stressed the importance of connecting daily security work back to the bigger business mission: 

“Help them understand the mission of the company and show how their great works are protecting the company.”

That becomes even more important as you move into senior leadership. Boards, executives, and business leaders don’t think in terms of alerts or CVEs – they think about operational continuity, risk, resilience, trust, and business impact.

Future CISOs need to learn how to translate between those worlds.

Your technical skills alone won’t prepare you for the role

Ford described the reality of present day CISO leadership: 

“If you really want to be a good manager or move into being a CISO, you have to understand that there’s different facets to being a CISO.”

Then came the reality check many practitioners need to hear.

“There’s that risk hat, there’s the kind of babysitter hat, there’s the partner hat that’s both vendor and internal, there’s the business hat.”

That list is a hint at how much the role has evolved.

Today’s CISOs are expected to:

• manage executives
• navigate budgets
• retain talent
• communicate during crises
• negotiate with vendors
• support compliance efforts
• influence culture
• align security with business strategy

All while handling an increasingly hostile threat landscape.

“You have to be ready to wear all of those hats – because things changed drastically in the last few years.”

If you’re serious about becoming a CISO, start developing those skills now – before you have the title and the pressure. 

Leadership also means protecting your team

Apart from driving performance, a leader in this industry also needs to recognise when their people are struggling. 

“I think understanding that we’re all human, that we have home lives, that there’s a balance – as leaders and management we must make sure that our people strike that balance.”

This perspective is so important in cybersecurity right now, as burnout continues to affect practitioners across every discipline. Future CISOs who ignore wellbeing and retention will struggle to build resilient teams long term.

Ford’s said:

“Your family is what will always be there for you.”

So be ready to give your team the space to pour energy into their family lives. 

So should you pursue the CISO path?

Ford’s answer: 

“Run to it.” 

But her version of leadership isn’t built around authority or hierarchy.

“What we need today are good leaders. People who know how to take a skill, hone in on it, and help someone contribute. Good leaders know how to bring out the best in people. They’ll have those tough conversations, but they’ll see that the conversation changes the person’s approach and perspective – and nine times out of ten they take it and they flourish; they run with it.”

If you’re a cybersecurity practitioner considering the leap into leadership, the best preparation now may be learning how to coach people, communicate clearly, navigate difficult conversations, and create teams where others can thrive.

Because the role is about your team – and what they can achieve because of your leadership.

Listen to our full interview with Trina Ford on the podcast: How diverse thinking can drive security innovation