Building a relationship with the board: The CISO Executive Network is a peer-to-peer organization for information security professionals with more than 1,500 members. Andy Land, general manager of the organization, is seeing most of those members working with solid access to their boards. “But the question is, are we fundamentally doing anything good with that access?” he asks.Getting in front of the board is one thing. Effectively communicating cybersecurity needs and getting them met is another. It starts with forming relationships with C-suite peers. Whether CISOs are still reporting up to another executive or not, they need to understand their peers’ priorities and how cybersecurity can mesh with those.”The CISO job is an executive job. As an executive, you rely completely on your peer relationships. You can’t do anything as an executive in a vacuum,” says Barrack.Working in collaboration, rather than contention, with other executives can prepare CISOs to make the most of their time in front of the board.Once they have the board’s attention, they have to keep it. And that means leaning into business leadership rather than the technical know-how that might have helped them land the CISO job in the first place. Different board members have different areas of expertise, but their focus will be largely, and at a high-level, on the company’s financial success. Talk of CVEs and the latest ransomware gang is likely to do little to motivate board members.”You will lose credibility, and it will be very hard for you to get it back because most boards and most executives are very judgmental,” says Barrack. “They make very quick decisions about your level of capability.”CISOs who spend time learning how the different aspects of a business work and what its board members care about are going to find a more receptive audience. “If you come into a board made-up of all sales people and you start talking about pipeline loss and revenue loss and customer churn as it relates to cyber risk, you’re going to get their attention,” says Kathmann.The CISO role is still a relatively new one. Cybersecurity is gaining more attention, but the issue of board reporting remains a common frustration. For CISOs who don’t feel that their peers and their boards are empowering them to do their jobs, it may be time to reevaluate their approach to communication and long-term outlook with the organization.”If you’re not getting that support from the board, it may be time to start looking for a new opportunity,” says Bill Sieglein, founder of CISO Executive Network. “One of two things has happened: you’re poorly communicating, or they don’t support you.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4049347/lack-of-board-access-the-no-1-ciso-dissatisfaction.html
