The Future of Cybersecurity Leadership: Lessons from CISOs in the Trenches

In today’s business environment, which is fraught with security risks, organizations need dynamic and adaptable security leaders to stay ahead of threats. On episode 79 of The New CISO, Demetrios “Laz” Lazarikos, a three-time CISO and co-founder of Blue Lava Security, shares valuable insights from his conversations with some of the industry’s most influential CISOs. In this blog post, we explore these critical lessons and discuss how aspiring cybersecurity professionals can learn from these accomplished leaders.

The evolving role of CISOs

Laz explains how the role of CISOs has changed significantly over the years. Previously, CISOs were primarily focused on technical aspects of cybersecurity. However, today’s CISOs need to be well rounded and possess a mix of technical expertise, business acumen, and leadership skills. As Laz puts it, “Today’s CISOs need to be able to communicate the business value of security and why it’s important to the organization.” He adds, “You have to be able to speak the language of the business, not just the language of cybersecurity.”

Building trust as a CISO

Laz emphasizes that building trust is critical for any CISO to succeed. Trust is essential for fostering relationships and cooperation among employees at all levels. Laz shared an example of a CISO who was able to build trust by actively participating in meetings, listening to others, and providing valuable insights. This helped him earn the respect and trust of his colleagues, who started to view him as a reliable partner.

He also highlights the importance of being transparent with employees, stating that “CISOs should be transparent about the current state of the organization’s security, the risks they face, and the steps being taken to mitigate them.” Laz asserts, “Transparency is key in building trust and credibility with your team and the organization.”

The importance of networking

Networking is critical for CISOs, as it allows them to build relationships with other industry professionals, share ideas, and learn from one another. Laz encourages aspiring cybersecurity professionals to engage in networking events and conferences, and to actively participate in online communities related to cybersecurity. “Networking is so powerful,” he says. “It’s like a living library of knowledge that you can tap into.” He continues, “Your network can help you solve problems, find new opportunities, and stay ahead of the curve in this rapidly evolving field.”

Giving back and teaching others

Many successful CISOs are passionate about sharing their knowledge and experience with others. Laz speaks about Curtis Coleman, former CISO of Seagate, who built a cybersecurity program at Oklahoma Christian University. Coleman’s program has been recognized by the federal government as a Center for Academic for Excellence (CAE). Curtis is an example of a practitioner who has given back to the community by combining his expertise with a partnership with the government to create a high-quality educational program.

Laz also mentions Sebastian Goodwin, CISO for Nutanix, and Todd Barnum, CISO at GoPro, as other examples of professionals who have started working with universities to give back and teach. He suggests that those interested in teaching reach out to schools and universities to explore opportunities for guest lecturing or instructing in the field of cybersecurity, technology, or leadership.

Essential qualities for new CISOs

For aspiring cybersecurity leaders, Laz identifies a few key qualities that are essential for success. He believes that new CISOs should be coachable, open to feedback, and willing to learn new ways of doing things. “Traditional ways of being a CISO have helped us get to where we are, but we have to be thinking about the future,” Laz says.

He also stresses the need for CISOs to work closely with the business side, constantly improve their management skills, and be prepared to uplevel their game in order to become a board member or executive. “As a CISO,” says Laz, “you need to be able to communicate your vision and strategy effectively, not only to your team but also to the board and other stakeholders.”

Conclusion

The landscape of cybersecurity is always evolving, and so must the leaders who guide organizations through these challenges. By learning from the experiences and insights shared by seasoned CISOs, aspiring cybersecurity professionals can equip themselves with the right mindset, skills, and network to excel in the industry.

As the role of the CISO continues to evolve, it is essential for cybersecurity leaders to be adaptable, business-savvy, and strong communicators. They should prioritize building trust with their teams, fostering an environment of transparency, and actively engaging in networking events and communities.

Giving back to the community through teaching and mentorship is another important part of being a CISO. By sharing their expertise and insights with the next generation of cybersecurity professionals, CISOs can help shape a more secure future for everyone.

In summary, the future of cybersecurity leadership will depend on individuals who are coachable, open to feedback, and constantly striving to improve themselves. By embracing these qualities and learning from accomplished CISOs, the cybersecurity leaders of tomorrow will be well-prepared to navigate the challenges and opportunities that lie ahead.

As Laz advises, “There’s no one-size-fits-all approach to being a CISO, but embracing change, continuous learning, and collaboration with others in the industry will set you on the right path.”

To gain even more valuable insights from Laz’s experiences and advice, listen to the full episode or read the transcript.