The role of the new CISO: Creating a culture of safety and wellbeing
You don’t need to be a superhero.
It seems obvious, but it’s worth repeating – for CISOs who are new to their organisations or their roles, the job isn’t about flying around the organisation plugging holes and solving security issues.
Instead, the Telstra Purple New In Role community’s latest meeting heard from a range of new CISOs that prevention is more important than problem-solving. The goal is putting a system in place that prevents security becoming an issue in the first place.
But achieving that goal is not something you can do overnight, or on your own. The only way is to create the right culture in your organisation.
Rewarding prevention, not cure
During the event, we heard that the first and most important part of empowering a culture of prevention is setting the right incentives.
Does your company reward the people who put out fires? While solving problems is essential as and when they occur, it’s much more beneficial for everyone to put in place a system that prevents problems from happening in the first place.
The issue is that the results are significantly less immediate and visible. Look at the ‘Y2K Millennium Bug’, where thousands of IT departments around the world worked tirelessly to prevent computers crashing as we went from 1999 into the year 2000. Today, people are as likely to remember the furore around the work as an over-reaction as they are to consider it a successful preventative action.
Yet, that shouldn’t underplay its importance. We have to find ways to recognise preventative behaviour and give it the attention it deserves.
Managing stress and the case for emotional intelligence
IT and security teams can be very stressful places to be, especially if there is a security breach or unexpected downtime.
The focus is rightly on the technological problem and what the team needs to do to fix it. Yet, it’s also essential we consider our teams at these junctures as well.
In times of crisis, it’s more important than ever to keep an eye out for the members of your team you don’t hear from much, so that you can monitor their mental health and wellbeing.
It’s critical to understand how all of your team is doing, since crises have an impact beyond the nine to five. It’s not abnormal to hear about significantly longer working hours, cancelled weekend plans or holidays, or knock-on effects on family life.
Most people’s tendency is to hide stress and get on with the job, since you might get labelled negatively and hurt your reputation if you acted differently. But that secrecy can be damaging on its own.
New CISOs have the opportunity to set a new culture of transparency when it comes to these problems. Checking with individuals and communicating with clarity is essential to maintaining your team’s mental wellbeing. And it’s ok to set expectations that busyness and stress do not equate to productivity and success. Results are more important than effort.
Using emotional intelligence is central to creating a team in this manner. Yet, it is also a skillset that often isn’t prized as highly as technical skill. The effect is that those skills aren’t exercised as regularly. If that’s the case, consider signing up for emotional intelligence courses that provide practical, applicable tips to create a successful culture.
Setting the expectation of ‘yes’
The final key to enabling a culture of safety is driving awareness of the role of your team across the wider business.
Sometimes a CISO’s biggest challenge is shaking the perception that the function is there to say ‘no’ to new ideas or ways of working. That image of bureaucracy or blocking innovation is neither true, nor helpful.
Instead, new CISOs should aim to communicate across the business that their team enables business innovation and value. Ultimately, they should aim to be recognised as the conscience of the business – a confidante who understands the risks but mitigates the problems so everyone can thrive.
Creating connections
While new CISOs shouldn’t aim to be a superhero themselves, they can learn lessons from Superman, Batman, and the rest.
Without their sidekicks, those superheroes wouldn’t be half as powerful. That applies to your teams too. Creating connections across your business, looking out for the health and wellbeing of your team, and creating awareness of how you work in partnership alongside the rest of the business are essential ways to create a culture that – even if it doesn’t save the world – will empower your business.
Fractional Marketing Director | Tireless idealist | There’s always a way to get where you want to go
(4 years ago) I've not been to one of these discussions for a while so I enjoyed reading this and hearing about some of the more recent topics. Setting the expectation of 'yes' and the case for emotional intelligence really caught my eye. Thanks for sharing, Joe.
Slightly grumpy northern Luddite who's been lucky to lead a brilliant team of Cyber Security & IT Transformation consultants.
(4 years ago) All sensible stuff, Joe. Not rocket science to work out that comms skills, EQ and a healthy dose of humility are as important as being a tech whizz in ANY role. I'm sure a virtual New In Roundtable will be a success. I'll miss the red room though!
Music mad egg-chaser working with a fantastic team of IT Services people bringing purpose to technology
(4 years ago) Overwhelmingly positive feedback from all our New In Role Roundtables over the years. If you're new to your role, this is an excellent way to learn and share, and accelerate into the job. Good share, Joe