Cyberwar is hell.
Cybercriminals are not just evolving; they are thriving. According to one cybersecurity expert, there are ten skills your cyber commander-in-chief of security must possess if they are to defend your agency.
“A skilled chief information security officer (CISO) is the vanguard of hope against persistent threats,” says Sylvester “Sly” Cotton, PhD, who had a distinguished career within the Department of Defense and the US Army dedicated to the security of digital infrastructure. He is the author of Cyberspace Guardians: A Comprehensive Guide for Choosing the Right CISO.
The influence of combat veteran Cotton, a retired US Army Colonel, extends beyond the military sphere. His expertise found resonance in academia and industry, including Unisys Corporation, Engility/SAIC, and CALIBRE Systems.
“The battlefield is not just in the trenches of code and data; it extends to boardrooms, team huddles, and strategy brainstorming sessions,” Cotton relayed to me during a recent phone interview.
Here are the hard and soft skills Cotton says you should look for in a great chief cybersecurity officer:
- Technical Expertise: A CISO must exhibit comprehensive knowledge of diverse cybersecurity aspects, such as encryption, network security, cloud computing, and data protection. This technical savvy empowers the CISO to anticipate and combat cybersecurity threats, fortifying the organization’s digital fortress.
- Risk Management: This ability necessitates a harmonious blend of technical understanding and strategic foresight to recognize potential threats and craft preemptive countermeasures. This also involves creating a culture of security awareness within the organization.
- Compliance: The CISO must ensure the organization’s adherence to an ever-evolving landscape of laws and regulations related to data security and privacy. Failure to comply can result in severe penalties and damage to the organization’s reputation, making this skill absolutely critical.
- Incident Response: This capability involves developing comprehensive incident response plans, coordinating response teams, and ensuring the quick recovery of affected systems. Incident response also encompasses communication skills.
- Vendor Management: This skill involves evaluating vendors’ security practices, monitoring their compliance, and dealing with potential vulnerabilities. A CISO must ensure that all partners in the business ecosystem uphold the same high security standard.
- Leadership: This role goes beyond being an expert on cyber threats. It is about leading the organization with a clear vision, communicating effectively with various stakeholders, and making critical decisions under pressure.
- Communication: A CISO must possess excellent communication skills to relay information about cybersecurity to various audiences effectively and must be adept at tailoring their communication to the audience’s understanding level.
- Collaboration: They must work closely with IT, legal, HR, and operations to ensure a holistic approach to cybersecurity. This collaboration enables them to align security strategies with the broader organizational objectives and ensures that all departments comply with the organization’s security policies.
- Adaptability: A CISO must be highly adaptable, constantly updating their knowledge and skills to stay ahead of the curve. This adaptability extends to managing changes within the organization, such as new technologies or business processes, ensuring that the organization’s security measures remain robust despite these changes.
- Strategic Thinking: They predict looming threats and architect far-reaching security strategies. This foresight blooms from a profound understanding of the organization’s business objectives, the current cybersecurity landscape, and potential future trends.
“CISOs must be visionary leaders, helming the complex task of safeguarding an agency’s digital assets while ensuring that security roadblocks do not hinder its strategic ambitions,” says Cotton.