Cybersecurity Leadership Can Be Uncomfortable

(May 25, 2023)

Todd Fitzgerald promotes CISO leadership and collaboration amongst security practitioners through his weekly CISO STORIES podcast, advisory board participation, and international speaking engagements. He serves as VP of Cybersecurity Strategy at Cybersecurity Collaborative. He has authored four books, including the #1 best-selling (2019-2022) and 2020 CANON Cybersecurity Hall of Fame winning book CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. His global multi-industry and Fortune 500 company senior leadership positions include Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta, IMS Health, and American Airlines.

Dr. Rebecca Wynn and Todd discuss practical leadership approaches, self-reflection, and how to get organizational support. Episode highlights include:

  • Moving away from the comfortable to the uncomfortable areas of management
  • The Great Reflection, doing an honest assessment of yourself
  • Gaining funding and organizational support by leveraging frameworks

Common Thread with Math, Computer Science, and Cybersecurity

Fitzgerald has a seasoned career as a CISO and has found a passion in sharing his knowledge with others through speaking engagements, podcasts, and books. Still, like many in his field, he didn’t start with a focus on cybersecurity.

When he initially attended college, he was a math major, but when calculus wasn’t his thing, he shifted to accounting and, ultimately, business administration. He has reflected on how he ended up on the path he did, and he believes the common thread is the analytical and logical connection.

Fitzgerald found that his real passion was in managing and leading people and thus has done so most of his career.

It’s Okay to be Uncomfortable

Leaders can’t do it all, and that means that the people on their team will have more knowledge and skills in certain areas, which can make leaders uncomfortable. Fitzgerald said that while he continues to be knowledgeable in technical areas, he recognizes that this is not his job; it needs to be the focus and skill set of others on his team.

Not having all the answers makes people uncomfortable, but that is how you learn and grow.  He shares, “When I've been uncomfortable with something, it meant I was learning something new and, and you just got to work through that till you cross the stream and you get to the other side, and you look back, and you say, ‘wow, now I know this, and I didn't know that before.'”

It May Not Be About You

Dr. Wynn and Fitzgerald discussed times in their careers when an executive change led to them being outsourced. Sometimes it’s simply a cost-cutting initiative; other times it may be a personality or leadership style conflict with new management, but it’s essential not to take it personally. That may not be easy, but how you view that experience will help as you take on the next role.

Fitzgerald also spoke of a time he was passed over for a promotion he was expecting. However, his role within the organization allowed him to develop new skills and gain different experiences which would later benefit him.

Dr. Wynn asked Fitzgerald for his views on remaining at a company versus moving to new organizations in order to avoid having a singular view in one's career. Fitzgerald calls himself a “loyalist” and shared that he tends to stay with a company until the end really comes. He doesn’t see a need to look for new organizations every few years, and he noted that it’s not uncommon for people to look for their next opportunity the minute things start to feel uneasy. He does state, however, that there is no right or wrong there; it comes down to personality and what’s most comfortable for you.

The Need For Frameworks

Dr. Wynn raised the issue of vulnerability management and incident response, asking why Fitzgerald thinks the same issues are repeated. His response outlined many reasons, with funding being one of the top issues, along with the need to have frameworks in place.

In a recent speaking engagement for small businesses, he found it very scary that over 50% of those in attendance did not have a CISO in place.  Although a company may have an MSSP or security tool, the risk is greater if they do not have someone charged with watching over that MSSP or tool.

Although you can never be 100% risk-free, it will come down to risk vs. reward and articulating that to the Board. It’s a balancing act, but it must be communicated clearly.

You can listen to the podcast on any of your preferred platforms and hear more from Fitzgerald, including which frameworks he prefers, why he wrote the CISO Compass book, and the need for getting risk acceptance in writing.
