How to Identify a World-Class CISO with One Question

4 min read
(February 24, 2023)

This article explores:

  • The difference between a world-class security engineer vs a world-class CISO
  • How to identify a world-class CISO with one question
  • The four points on your primary slide for the board

Dr. Rebecca Wynn, the host of the Soulful CXO, was joined by Dr. Eric Cole, and they discussed how to find your authentic self, what makes a world-class CISO, and how to present to the Board. Dr. Cole is the founder and CEO of Secure Anchor Consulting and an advisor and consultant to former President Obama, Bill Gates, and other high-profile clients. In addition, he has published over a dozen books, including Protecting Your Business from Real Threats in a Virtual World.

Boring is Interesting

Dr. Cole shared that, like many others in the cyber security field, it wasn’t in his initial plan. While in school for computer science back in the 80s, he found himself questioning why he was putting himself through that “torture.” He wasn’t enjoying it and ultimately decided to go to the Intern Office to inquire about potential internship options.

As luck would have it, the CIA was going to be there the following day and had one opening for an intern. They recruited him and, in Dr. Cole’s words, they were one of the few groups of people who found the fact that he was boring, didn’t drink, and didn’t do drugs very interesting. He ended up working in the CIA’s small cyber security office, which was the start of what has become an amazing and very notable career for him.

Path To Happiness

Drs. Wynn and Cole discussed how to be the best person they can be in all facets of life: spiritually, personally, with family, and professionally. One of the things Dr. Cole does to help keep himself grounded, and recommends to others, is to take 30 or 40 minutes quarterly or even monthly to imagine your perfect day. For him, he will go through each detail: where he is, who he is with, and what he is doing. The details do not have to be feasible, but the exercise helps you understand what’s important to you. If x is on that list and you’ve not done x even once, then you’re not aligned with what’s important to you or what you ultimately want for yourself.

World-Class CISO vs. World-Class Security Engineer

The discussion shifted to careers and focusing on being your authentic self. Dr. Wynn noted that she advises people not to aspire to become a CISO. While that might be surprising as she is a CISO, she clarifies that it’s about aspiring to be the best you can be at whatever it is you love. That doesn’t necessarily have to be a CISO. As Dr. Cole sees it, one of the big mistakes in cyber security is that there’s a view of a single career track that starts with being technical. There’s often a misconception that technical engineering is where it starts and then you move up the ranks, ultimately achieving the CISO role.

Security engineers and CISOs, however, are two very different positions and should be viewed as two different career tracks. He shares that oftentimes people who really love technology, “the super geeks who solve problems and whose hands get really dirty,” think that the only way to grow is to become a CISO. These aren’t necessarily people who enjoy presenting to executives or talking business; they don’t enjoy being in the boardroom, and they may end up miserable in that position. Those who do aspire to be CISOs have historically thought they need to start on the technical side, but again, those are two different positions, each with its own set of required skills.

How To Identify a World-Class CISO

A CISO is a translator in many ways (and so much more). They are somebody who can speak business, speak technically, and translate back and forth very easily. Dr. Cole suggests that one of the best ways to find a world-class CISO is to ask a simple question: “You're sitting at your desk, and you get a phone call that the company servers that contain all the critical data have been hacked. They've been compromised, and data is leaking out of the organization. What do you do? How do you respond?” If that person focuses on what he or she would personally do, such as running into the data center and determining where the attacks are coming from, you have found a world-class engineer. However, if that person is calling their team together, tasking them with clear deliverables for what they need to find and what they need to do, and then calling the CEO to let them know what’s going on, you have found a world-class CISO. A world-class CISO is very strategic, can speak business and technical, and translates between the two. They are not the ones solving the problem or running into the data center.

Drs. Wynn and Cole also discuss how to get back up after taking a major hit, whether with the Board or in other areas of your career, and how to stay passionate when things aren’t going as they should. How best to present to the Board, and what Board members do and don’t want to hear, can be learned through the full podcast found here.