All CISOs must be transformational
In January 2020, we launched our inaugural "The Future Of The CISO" report, which identified the six types of CISOs (chief information security officers) we discovered through our research. At its release, we received copious amounts of feedback -- some we had considered and some we hadn't. While we were conducting our research, however, the omnipresent event we know today -- COVID-19 -- had yet to occur.
COVID-19 has changed the security landscape for CISOs: employees working remotely off non-work-provided devices, data flowing haphazardly, and strategic plans disintegrating. Therefore, while the six types still exist, my colleague, Josh Zelonis, pointed out that now "every CISO is now a transformational CISO."
Despite the internal friction when you're changing leadership style, it's imperative for security leaders to step out of their comfort zones and adapt to current circumstances. CISOs should:
- Lead with empathy. Empathy should be the foundation of your approach to leadership. With external and internal pressures colliding, Rick Holland, CISO of Digital Shadows, points out that "empathy is [a] top [interpersonal skill] for me."
- Learn to thrive in chaos. Release your grip on control and instead adapt to current circumstances to help your organization survive this volatile time.
- Just say yes. Don't stress over the short-term imperfections of your current security program's state and focus more on how you can make quick wins and other things "just work."
- Recognize the strength of vulnerability. Humanizing yourself to your team will alleviate employee stress. Extending yourself to like-minded peers can reassure you that you're not alone, energizing your confidence that you're doing what's right "right now."
This post was written by VP and Principal Analyst Jeff Pollard, and it originally appeared here.