The role of a CISO is more critical now than ever before. Managing risks, ensuring compliance, and building a culture of security within an organization are just a few of the many responsibilities they carry.
On episode 77 of The New CISO, Tom August, a seasoned CISO and cybersecurity expert with a background in external auditing, shares valuable insights on the importance of storytelling and collaboration in the cybersecurity world. In this blog post, we’ll explore Tom’s thoughts on the challenges CISOs face, the power of storytelling, and the qualities of an effective CISO.
In this article:
- The art of storytelling
- Emphasizing people and processes
- Balancing risk management and compliance
- Collaboration and business partnership
- Adaptability and respectfulness
- Conclusion
The art of storytelling
According to Tom, one of the essential skills a CISO must master is the art of storytelling. He says, “If you can explain why something is important, I believe the hows and the whens and the wheres will follow naturally as part of the discussion.” To effectively convey the importance of security initiatives, CISOs must first establish a compelling “why,” focusing on the problem they are trying to solve and the desired outcome.
Tom emphasizes that “a confused mind always says no.” CISOs must remove confusion and present their stories in a way that is easy to understand, relatable, and free from unnecessary jargon. By keeping the focus on the problem and the desired outcome, CISOs can build a strong foundation for securing resources and support from key stakeholders.
Emphasizing people and processes
While technology plays a significant role in cybersecurity, Tom believes that people and processes should come first. He explains, “The way I learned it a long time ago is, it’s people, process, and technology in that order. Technology’s kind of last. The people and process have to come first.” By prioritizing people and processes, CISOs can create a more robust security posture that goes beyond mere compliance.
Balancing risk management and compliance
Tom highlights the difference between risk management and compliance, noting that compliance frameworks can be limited and may not adequately address the unique risks faced by an organization. He shares a powerful analogy: “You can be driving down a road, and most of us drive or have driven in a car or been in a car. So, I think everyone can relate to this. But if you drive on a road, you can have your hands at 10 and 2 on the wheel because that’s the best practice. You can have your seatbelt on because that’s the law. You can be driving the speed limit because that’s the law… Light turns green, you cross the street, and you’re dead because you got slammed into by a car that ran a red. Why? It’s your fault because you didn’t watch the road, and that’s not in the law.”
This analogy illustrates the importance of risk management and the need for CISOs to look beyond compliance checklists to ensure their organizations are adequately protected.
Collaboration and business partnership
Tom believes that a successful CISO must be a good listener, a strong business partner, and a subject matter expert. He states, “Our role as a CISO is to remove confusion, to tell a story in such a way that we can lay enough breadcrumbs for people to follow along.” By fostering strong relationships with business leaders, CISOs can provide valuable guidance and support, helping to steer the organization in the right direction.
Adaptability and respectfulness
As the cybersecurity landscape evolves, a CISO must be adaptable and willing to learn from others. Tom emphasizes the need for humility and respect, stating, “It has to be very careful, very respectful because they’re weighing business decisions that information security professionals have no idea that are on the fate of the entire organization.”
Conclusion
By embracing storytelling, focusing on people and processes, balancing risk management and compliance, and fostering collaboration and business partnerships, CISOs can effectively guide their organizations through the complex world of cybersecurity. Tom August’s insights underscore the importance of adaptability, respectfulness, and strong communication skills in navigating the unique challenges faced by CISOs today.
Listen to the Podcast
To gain further insights from Tom August’s wealth of experience and to delve deeper into the modern CISO’s role, listen to the full episode or read the transcript.
