Before you lecture, listen

If you haven't heard yet, this is CSO magazine's tenth anniversary. Let me be the first to let you in on a little secret (in case you've been living in a cave somewhere): A lot has changed in ten years.

I've had the unique pleasure to watch the security and risk profession evolve from a backroom player, an afterthought, to a thought-leading, business-aligned profession that helps leadership steer their organizations through sometimes calm, often perilous waters of business.

You haven't always had it easy. Heck, you've often had little or no support. In fact, when this magazine launched in 2002, there was some doubt as to whether the role of the CSO would continue at all or if it would just be absorbed by other parts of the business. But through hard work and leadership, you have helped teach your organization's leaders that what you do is important (nay, critical) to the continued success of your business.

The other day I pulled out a copy of our very first issue. On the cover was a photo of Bill Boni, then CISO of Motorola, now VP of information security at T-Mobile. His image stared at me over the headline, "Let's Talk." But Bill wasn't talking, he was listening. How very prophetic that has turned out to be.

The most successful security leaders aren't the ones who just talked about security and risk until they were blue in the face. They're the ones who do a lot of listening. Listening to the business, listening to their peers...and learning. If I had to sum up CSO's overarching message from the past ten years, it would be just that: Listen.

It is said that with knowledge comes understanding. By listening, CSOs have learned about the business of their organizations. They turned that knowledge into understanding, which in turn helped them align security with the goals of the organization. From that, they have learned to balance risk with opportunity. It's not perfect, but it works...and that precarious balance is the Holy Grail of business.

If you want to become a business leader, you better be able to talk the talk and walk the walk. Otherwise you're just another techie saying "no" to every new technology, or you're just another security guard walking the rounds of a building.

After all these years and all the things we've seen, I truly believe that the role of the CSO has a bright future. The team at CSO looks forward to the next ten years of helping you solve your challenges and enjoy your successes.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bob Bragdon

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts