CISO’s are the business and technical hybrid leader of the future. They have a unique lens of an organization’s inter-workings and they tackle the toughest challenges that face companies today. #toddpierce presented at IANS SF a few weeks ago; he boldly and correctly labeled CISO’s as the ‘rocket scientists of today’. Despite their value, CISO’s tend to struggle with building personal brands.
As a search partner focused on serving the CISO community we enjoy inquiries from CISO’s to help with their personal brand. Here are a few benefits of building your brand:
A strong recruiting tool: Building your own brand will help you build a better recruiting engine for your company. The idea is that a personal brand isn’t just about your own needs but also about building a presence around you that will help recruit the best talent for your teams.
Attracting Board and/or Advisory roles: Over the next 5-7 years, CISO’s will be a primary target for public and private Board as well as Advisory positions however only a handful of CISO’s have positioned themselves to be attractive candidates for these roles. Your reputation as an effective security operator in a high-consequence environment will create attention as a thought leader as these opportunities arise.
Marketability for your next career adventure: You may not be actively looking for that new CISO role however at some point your situation will change. Having a strong external brand along with an arsenal of digital artifacts and/or content will help to keep you top of mind when firms like ours are looking to fill a role in the next unicorn.
How might you go about building your brand?
Building an effective personal brand is well…personal. You alone will need to determine what method, frequency, and content defines you. What is the right balance of time you should be spending on external communication and brand building? What are the right artifacts to create? Is it most effective to write a blog, produce a podcast, begin tweeting, present at conferences, or organize a regular event? Oh, by the way you have a demanding day job so you’ll need to balance against reality.
Our advice would be:
Have a cohesive, clear, and consistent message: With so many security technologies and tools being thrown at Executives and Boards these days it will be important to find an area or areas of specific expertise in order for your message to resonate. Being successful as a generalist CISO is quite difficult to maintain. While it may be tempting to write about every hot security topic, attend every conference, or join every hot product security customer advisory board try to resist because the spray-and-pray is often not successful, will be difficult to maintain, and will not result in a cohesive (specific) message. Make valued connections and seek opportunities that fit within the theme of your message.
Find your tribe: Find a CISO collaborative community, perhaps there’s one on Slack. Ideas and spirited conversations from like-minded professionals will begin flowing. If you are just starting out, utilize the community to find your voice and a level of comfort with your specific content and activity.
Stretch yourself to talk outside the CISO community: Finding your tribe is great but don’t stop there. Find a way to be recognized as a business leader by presenting, educating, advising the non-CISO community. Your ability to translate complex technical challenges into business risk and ROI will be a key component of success for your brand.
Ensure that your digital footprint and artifacts are tied to your theme and on message: Update your social media profiles (LinkedIn etc) and consider producing additional content that aligns with your story.
Find your inner event planner gene: Consider organizing and hosting a security related event (could be as simple as an intimate dinner or happy hour / meetup to discuss best practices on a specific topic). This could prove not only a strong personal branding mechanism as well as a powerful recruiting tool.