Thursday, November 3, 2016

CISO: Relationships with senior executives and board of directors

In 2016, for a SANS Technology Institute project to ensure we were positioning graduates for success, I ran a series of polls on LinkedIn and also with the GIAC Advisory Board on the characteristics of a successful CISO. We then ranked those by ICF values (Important, Critical, Frequent). The highest scoring value was building relationships with senior executives and board of directors. This post is a survey of my chosen tips from the top ten Google returns on the subject. My request is that you would use the comment feature of either Blogger or LinkedIn to share your insights on what is most important, and/or mention what you feel is missing. In return, I will attempt to distill the information into a condensed format that will be available for the community to use.

Make the first meeting count. It is imperative to get off on the right foot. If the first meeting goes poorly, it is unlikely that you can be successful as a CISO. To be successful, you have to focus on the things that matter to senior executives. There is no single list, but here are some ideas and concepts to get you started.

From an actual job posting: Responsible for an area within the Strategy Office (SO), also called strategic planning; senior executives are going to expect the CISO to focus on (strategy deployment, growth, go-to-market, strategic intelligence, network integration, strategic transactions) which will include leading projects/relationships, developing standardized practices/processes, and managing/leading teams of people within the SO and across the Enterprise.

HBR.ORG (possibly paywalled) has an article on the seven things you need to do to thrive in the C-suite. They list leadership, strategic thinking and execution, technical and technology skills, team and relationship building, communication and presentation, change management, and integrity.

As a CISO, you will have more face time with senior executives than with members of the board of directors, so it can be even more important to make and maintain a good impression with them. Have a plan, and get your entire company and board to understand and support it. The Jack Welch book, Straight from the Gut, illustrates his experience of sharing the vision with the organization continuously.

TechCrunch has a great article on dealing with the board. A few of the points are:
  • Tell the board if the plan changes for tactical reasons.
  • Tell the board if the plan is changing a lot for “big reasons” (strategic).
  • Strategy mistakes are harder to admit than execution mistakes.
  • Email is good for delivering straightforward information; board meetings are good for explaining complicated information and discussing alternatives.

Stephen Northcutt is Director for Academic Advising at SANS.EDU and chair for SANS Rocky Mountain 2017.
