We are often asked what makes a great CSO? While every company is looking for something slightly different and every leader’s role consists of different parts, we tend to see a few traits that separate top CSOs from the pack.
Protecting the data collective
The first and most common trait of great CSOs is the ability to be the ultimate guardian of the data collective. Traditionally, the CSO position has centered around being fully aware of incoming risks and up to speed on the latest threat landscape. It goes without saying that this is a tough skill to master, in part because the span and level of knowledge around security across a company is varied. Not too long ago, if you didn’t know your IT leader it was because everything was working properly, but things are different today. The modern CSO knows everyone in the company in one way or another.
Knowing how to protect the data collective is about choosing the right controls and tools to implement. The policies, reporting, defensive and offensive tools/resources are all under the purview of the CSO’s toolbox. Having a broad and deep understanding of the policies enables the CSO to report, monitor, defend, and anticipate what threats are coming.
Building effective teams and leadership
As investments in Security programs and CSO organizations become more complex and business-focused, we are starting to see a trend for CSOs to have ample evidence of team building and mentoring/leadership skills. Team structures are becoming more diverse as security organizations continue to become more complex. The CSO is now equal parts; technical expert, functional business process aligner, executive level guide, internal subject ambassador, and outwardly facing posture leader. What a scope! Hence the ability for a CSO to adequately build and lead teams is very much in the spotlight.
As a side note for those of you looking to conduct a new CSO search; this is one of those traits that candidates may not fully possess your search candidate slate. Clients who expect a CSO to enter with the full arsenal of polished executive leadership skills will need to adjust their expectations. Most up and coming CSOs are still growing their leadership skills and may not have been exposed to many management scenarios. To put it in perspective, this is a small, specialized group of technical leaders that deal with the reactive nature of every threat thrown their way. We feel that it is the client’s responsibility to invest in a CSO’s leadership training and mentorship.
The X Factor: Seeing around the corner
Though there are many other traits I could mention, there is one more that I consider critical. A CSO must be able to align the company’s security narrative back with the business and financial goals. The CSOs who can truly distinguish themselves are clearly and consistently tying their project investments and results back to the underlying business. The most effective CSOs we know have an equal blend of technical expertise and business-readiness skills that enable them to scale their communication up or down in a fast growing/moving organization. They can gracefully explain complex technical challenges to anyone.
This of course is not as easy as it sounds. The tough security decisions (process, tools, org structure decisions) meant to protect the company’s assets can sometimes be counterproductive to the ultimate business goals. The visionary CSOs can turn the narrative into an effective roadmap then take the company’s products, services, Board, and all other elements on a journey. These Security leaders have a unique capability to “look around the corner”. They are able to see things from a technical, architectural, and business operations perspective and use that vision to better the company’s security posture.
Thank you to our partner Jason for the inspiration.