The Journey to CISO Success Through Authenticity and Adaptability

In episode 89 of The New CISO, host Steve engages in a candid conversation with Mike Kelley, CISO at the E.W. Scripps Company, discussing his career progression and valuable advice for those looking to become successful CISOs. Mike’s journey, from KPMG to his current role, underscores the significance of transparency, adaptability, and relationship building when stepping into a new CISO position.

In this article:

• A diverse background lays the groundwork
• The art of relationship building
• Reflecting on career choices and embracing adaptability
• Cultivating a fearless and innovative mindset
• Transparency and authenticity in leadership
• Key takeaways for aspiring and new CISOs

A diverse background lays the groundwork

Steve notes that everyone’s career journey is unique, starting from different places. Mike’s security career has its roots as an auditor at KPMG, shortly after the introduction of the Sarbanes-Oxley Act (SOX). Mike recalls, “Everyone was kind of scrambling to get compliant, then somebody had to audit them.” This early experience allowed him to work with a diverse array of companies, developing resilience in the face of adversity — skills that would later prove helpful as a CISO. “That constant change, that constant learning, is what really helped me out early on,” says Mike. 

As the E.W. Scripps Company has evolved over the years, securing the enterprise remains the central focus of its security team. Mike’s role encompasses both traditional enterprise security and consumer-facing security, with responsibilities spanning cloud workloads, infrastructure code, and supply chains, among other customer-related aspects.

The art of relationship building

Mike emphasizes that building relationships with stakeholders across the organization is critical when beginning a new CISO role. By actively engaging with others, new CISOs can better understand the strategic direction of the company and the concerns of different departments. He notes, “I think getting closer to the organization is the key thing when you step into a role like this.”

Mike suggests creating a stakeholder engagement map when starting in a new security role to identify influential individuals within the organization. Regularly touching base with these people, whether through coffee meetings or brief conversations, can help CISOs stay updated on current developments and build strong relationships.

Reflecting on career choices and embracing adaptability

While Mike looks back fondly on his time at KPMG, he admits that he would have liked to delve deeper into security audit-specific work. It wasn’t until several years later that Mike identified his true passion for security. “It wasn’t until later when I started seeing where security was going that I saw the pendulum swinging towards security becoming more important than compliance.”

Mike’s “mental model” of adaptability has helped him excel in his career. He stresses the importance of being comfortable with not knowing everything and pushing oneself to learn and grow. “You can learn anything. You just have to push yourself out there and push boundaries and not be afraid to fail,” Mike asserts. This mental model combines transparency, humility, and the confidence of knowing that he possesses the ability to adapt quickly.

Cultivating a fearless and innovative mindset

Both Steve and Mike agree that fostering a mindset that embraces trying new things without fear is vital in leadership. Mike encourages his team to continually learn and explore new opportunities, recognizing the dangers of becoming too comfortable in one’s role. “There’s a bias that begins to form in the minds of people that are too comfortable. It’s dangerous from a security standpoint,” Steve warns.

Transparency and authenticity in leadership

Mike is a firm believer in transparency and authenticity, opposing the “fake it till you make it” approach. He argues that being genuine and open about one’s capabilities — even when accepting new roles — encourages others to support and invest in one’s success. He shares the story of how he transparently discussed his limited security experience when offered a cybersecurity leadership role at Dana, and how this approach led to greater success. “By being more transparent, not really faking it until you make it, by being human, others are engaged in your success. Having humility actually brought others closer to me to help me be successful because they understood that I didn’t know everything,” he says.

Steve agrees, saying, “Authenticity is one of the rarest elements in the professional world.” This authentic approach allows new CISOs to build trust and foster genuine connections with their team and stakeholders, leading to a more cohesive and successful organization.

Key takeaways for aspiring and new CISOs

Mike and Steve provide advice for aspiring or new CISOs looking to make a positive impact within their organizations. They suggest asking the following questions during the interview process:

• What’s the purpose of the role?
• Why is this role being created or why does it exist?
• What is the company’s approach to new things?
• How does the company handle challenges?
• Are there other people besides the hiring manager that can be interviewed?
• What is your definition of success for this position?
• How do you envision this role in one year?

Some key takeaways from Mike’s journey include:

1. Embrace constant learning and change, as it can provide a strong foundation for future leadership roles.
2. Prioritize relationship building with stakeholders across the organization to better understand the strategic direction of the company and address the concerns of different departments.
3. Develop a mental model of adaptability, focusing on being comfortable with discomfort and maintaining the confidence to learn and grow.
4. Encourage a youthful, fearless approach to trying new things within your team, fostering a culture of continuous growth and innovation.
5. Practice transparency and authenticity in your leadership style, as it helps to build trust and encourages others to engage in your success.

By incorporating these lessons into their own leadership style, new CISOs can create a dynamic and thriving security environment within their organizations. As Mike demonstrates, it’s not just about technical expertise, but also about the personal qualities and connections that drive success.

Listen to the Podcast

For those interested in more of Mike’s insights and experiences, don’t miss the full episode or read the transcript. Discover how authenticity, adaptability, and strong relationships can lead to a successful and fulfilling journey as a CISO.