1. Broad knowledge of cybersecurity principles, ranging from technical to human to physical.
2. Deep knowledge of the cyber threats we face today and tomorrow. A CISO must understand the motivation behind malicious actors, and knowledge of the techniques, tactics and procedures they use can help us better defend, detect, isolate, and recover from the inevitable.
3. Ability to understand the balance between risk and security, and how to integrate this into a given organization.
4. Expert experience in at least one cybersecurity discipline.
5. Incredible organizational ability: keeping people on task and focused in order to build, design, deliver, and expand the information security program.
6. Ability to prioritize and triage incident response and vulnerability remediation in a calm, balanced manner.
7. Ability to effectively communicate technical information to non-technical audiences.
8. The ability to tie business context/concept to data protection and technical components within the IT and InfoSec space. This doesn't mean they need to be an expert; it means that they need to be able to connect these dots for other business leaders.
9. Liaison between technology and the business, collaboration-focused.
10. Clear understanding of which battles to fight
11. Capability-focused, not vendor/tool-focused
12. Strong leadership skills at both the organizational and individual contributor levels.
13. Relationships, inside the org and out (think Tipping Point connector)
14. Ability to attract and retain top-tier technical talent
15. Mentoring (up and down)
16. Taking care of the team you are privileged to lead
17. Creative thinking, able to apply adaptive strategic and tactical thinking.
18. Lifelong learner
20. A sense of humor.