Seven habits of effective CISOs

From helping others to influencing the right people, these tips will help transform your work habits from average to stellar with advice from CISOs around the world

Today's CISO plays a pivotal role not only in defining technical standards and security policies, but also in assuring customers of the security of their data and validating security controls to regulators. Many are struggling with this transition because they have been given these responsibilities without any real authority or visibility within their organizations. They also need a new set of skills to successfully fulfill their responsibilities.

After talking to many successful CISOs of global organizations over the past year, Forrester Research identified seven habits that make them effective in their role.

1. Let Your Strong Moral Compass Guide You-Always

Forrester found that successful CISOs pointed to ethics and morality as an absolutely essential tenet of their role. Many said that they also look for this habit more than anything else when selecting staff for their security organizations.

Many successful CISOs said the trust they'd established was the primary reason they gained influence. CISOs need to deal with their fair share of office politics, and having a principled stance in those dealings helps build trust and credibility. There might be times when a CISO needs to make tough choices, like stopping a critical IT project from going live, and CISOs must be perceived to act justly and fairly. (Read What Is the Moral Responsibility of a Business Leader?)

2. Be Flexible and Nimble

Although information security is more visible in the organization and has a greater set of responsibilities than in the past, the CISO still has to compete for the limited resources and attention span of the organization. Some successful techniques include looking for creative solutions, being prepared to move quickly and taking down controls that become unnecessary.

One CISO said he challenges his team never to say "no" to the business, but instead to work collaboratively to come up with alternative solutions. Another said that during the first 30 days on the job he evaluated all the visible security controls and worked to eliminate those that were redundant or could be addressed in a nonintrusive way.

3. Run Security Like a Business

CISOs need to present the program in a businesslike manner for it to be taken seriously. Running the security program diligently and consistently, and tracking progress against established metrics and parameters, demonstrates that you treat security as an important business goal. CISOs can achieve this by:

  • Developing and sticking to a security program

  • Staying one step ahead of business planning cycles

  • Being consistent and diligent in his/her actions

  • Emphasizing customer service

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about ACTCreativeForrester ResearchLeaderLeader

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Khalid Kark

Latest Videos

More videos

Blog Posts