Picture it: The CIOs and CISOs of yesteryear, shackled to the very technology they deploy. Working tirelessly in isolation, they interact infrequently with corporate decision makers and movers-and-shakers. Then it all changes. Freed from their restraints, they are encouraged – even expected – to provide direction and input to business leadership.
New expectations are placed upon them as they navigate their way out of the technology trenches and into the business arena.
Today’s fast-paced, ever-changing world of technology leadership has placed more on CIOs’ plates than ever before and, by default, on the plates of CISOs. With new responsibilities and a focus that shifts them from technology-centric roles to roles focused on business drivers and results, CIOs now look to CISOs to step into advisor and support system roles. As a result, CISOs can no longer operate within the confines of technology; they must expand their roles into the business realm and offer processes and solutions that consider the impact on the business and its key objectives.
THE NEW SKILL SET OF THE CISO
To step into this newly charted role, CISOs are expected to come to the table with some new skills that prime them to operate in the space between technology expert and business leader.
Provide business leadership. Gone are the days where the CIO – and the CISO for that matter – can get by on technical savvy alone. Success now relies heavily on becoming a strategic thinker and business leader. With CIOs now charged with more business-related performance factors, such as financial accountability, strategic partnerships and performance metrics, CISOs are expected to step into advisor roles to offer CIOs the support needed to make key business decisions. To do this, CISOs must become strategic thinkers who understand how technology impacts business results and goals.
Communicate and collaborate. As CIOs are called upon to be part of the larger business model, CISOs must emerge from the isolation of the technology world and develop the communication skills necessary to gather and disseminate information without clouding it with technical jargon. They must work collaboratively with CIOs, stakeholders, partners and subject-matter experts to continually nurture communication channels and gain a better understanding of organizational needs and direction. By fostering these relationships, CISOs will also develop the connections necessary to create buy-in and consensus in the decision-making process.
Be proactive and adapt. Business climates are constantly changing, and CISOs need to proactively seek out new processes and solutions that will propel their organizations forward. They need to adapt to changing environments, allow the decision-making process to be fluid and flexible, and embrace constantly changing priorities.
SUCCESS FACTORS FOR CISOs
As CISOs continue to transition into their new roles and develop better business acumen, several key components can be implemented to meet – and hopefully exceed –CIOs’ expectations.
Understand key drivers and business goals. As CISOs become trusted advisors to CIOs, they need to gain and maintain a thorough understanding of their organizations’ priorities and goals. Given the fluidity of the business environment, this must be an on-going conversation between the CIO and CISO. As they gain insight into business direction and goals, CISOs should be sensitive to the impact their recommendations will have on business objectives and should leverage their technical expertise to recommend appropriate strategic solutions and directions.
Be forward thinking and innovative. The shift from technology expert to business advisor does not mean that evolving technology issues, products and services can take a back seat. CISOs need to stay abreast of changes in business and technology, and continue to innovate. CISOs need to look within their companies to continually modify needs, and they need to look outside the company for options that can positively impact corporate goals. For example, many companies use outsourced technology solutions, like cloud services, to control costs and potential downtime. CISOs must remain open-minded and future-looking to drive solution development and corporate positioning.
Offer solutions. CIOs have their hands full dealing with high-level decisions and their related impacts. To alleviate the demands on CIOs, CISOs need to attack pending or foreseeable issues – before they fall on the CIO’s shoulders – and counter then with solutions. CISOs who deliver solutions that address business implications and have team member buy in provide a value to CIOs and further secure their roles as trusted advisors.
Accept risk and disruptions. Risk and disruption are inherent parts of a CISO’s job. This, however, does not mean it is okay to sit idly by waiting for disaster to strike. CISOs must establish upfront processes that handle emergencies as seamlessly as possible. An emergency response plan that reflects the company’s risk tolerance and strategy will eliminate the imminent panic factor and substitute it with a pre-designed set of instructions for a quick, strategic response.
Having broken free of their restraints and restrictions, CIOs and CISOs strive to become more comfortable in their newly defined roles and in developing strong, interdependent relationships. As they focus on becoming trusted guides and resources to each other and their organizations, they can revel in their ability to navigate the complex labyrinth of today’s business world — a world they are now free to move around.