The New CISO’s Role: Building Security Mindfulness, Credibility, and Influence
In episode 85 of The New CISO, host Steve Moore was joined by guest Rupa Parameswaran, former Head of Security at Amplitude and current VP of Security & IT at Handshake. Rupa shares her journey into cybersecurity, her experiences, and her top tips for boosting security mindfulness in any organization. In this blog post, we’ll explore the key takeaways from Steve’s conversation with Rupa and share her practical advice for security leaders.
In this article:
- From pilot dreams to a love of computer engineering
- Security mindfulness: the foundation of a strong security culture
- Building credibility and influence: the key to effective security leadership
- Engaging with the board: balancing facts and emotion
From pilot dreams to a love of computer engineering
Born and raised in India, Rupa initially aspired to become an Air Force pilot, but eventually found her passion in computer engineering. After completing her undergraduate studies, she was given the opportunity to work on an AI project for a professor at the esteemed Indian Institute of Science, which led her to pursue her Master’s and Ph.D. at Georgia Tech in the United States.
Rupa discusses the changing landscape for women in India and emphasizes the importance of finding one’s passion and building a support network. She acknowledges that India has traditionally been a male-dominated society, but improvements in attitudes towards women pursuing their careers have emerged, especially in urban areas. Rupa’s mother, who faced many challenges growing up as the youngest and only girl in a family of nine children, instilled the importance of parental and societal support in children’s upbringing. “She spent a lot of her life fighting to be recognized, fighting for independence,” Rupa says about her mother. “If she had a little more support, she would’ve been a doctor today.” Because of this, Rupa says, her mother was determined to make sure that if she had a child, they would be supported in everything they wanted to do. Rupa considers herself lucky to have had her mother’s support growing up.
Security mindfulness: the foundation of a strong security culture
According to Rupa, security mindfulness is the cornerstone of a strong security culture within an organization. She defines security mindfulness as “where security is at least thought of.” The goal is to ensure that everyone in the organization is aware of security concerns and incorporates them into their decision-making processes. As she explains, “If someone’s willing to spend those five minutes at least thinking about security, I’d say I’ve won the security mindfulness game.”
To cultivate security mindfulness, CISOs should strive to:
- Raise awareness — Hold regular meetings, workshops, and tabletop exercises to educate employees on potential security risks and the importance of considering them in their daily work.
- Build allies — Develop relationships with key stakeholders across the organization, such as engineering teams, product managers, and executives, to ensure that security concerns are adequately represented in strategic discussions and decision making.
- Create security champions — Identify and empower employees who are passionate about security to become advocates and evangelists for security mindfulness within their teams.
Building credibility and influence: the key to effective security leadership
Rupa emphasizes the importance of credibility and influence in driving security initiatives within an organization. She notes, “Credibility, to me, is more about building that trust among the people that you have to work with.”
To build credibility and influence, a CISO should:
- Understand the business — Demonstrate a deep understanding of the organization’s products, challenges, and objectives. This will help establish the CISO as a trusted advisor who can provide relevant and practical security guidance.
- Leverage data — Use data to support security recommendations and decisions. This will help the CISO demonstrate the value of security initiatives and justify the investment in resources.
- Prioritize and deliver — Focus on high-impact security initiatives and consistently deliver on commitments. This will help build trust and demonstrate the CISO’s ability to execute effectively.
- Communicate effectively — Speak the language of the business and present security concerns in terms that resonate with the audience. This will help the CISO build rapport and ensure that security messages are understood and acted upon.
Engaging with the board: balancing facts and emotion
When presenting to the board or executive leadership, Rupa advises CISOs to strike a balance between delivering facts and evoking emotions. She suggests using the “shock and awe” approach, which involves highlighting a critical issue and quickly following up with a solution. However, Rupa also cautions that it’s essential to “understand what clicks and what doesn’t” with the audience and tailor the approach accordingly.
To engage effectively with the board, CISOs should:
- Build one-on-one relationships — Develop personal connections with board members and executives to better understand their perspectives, concerns, and expectations.
- Emphasize security as an enabler — Present security initiatives as a means to support the organization’s success and create value for customers and stakeholders.
- Use the right language — Communicate security issues in terms that the board can understand, avoiding jargon and focusing on the business impact.
- Be solution-oriented — When presenting potential risks, always follow up with actionable solutions to demonstrate the CISO’s ability to address and mitigate security threats.
Rupa Parameswaran’s insights serve as valuable guidance for individuals looking to carve their own path in their careers. The role of the new CISO is always changing, requiring security leaders to adapt to shifting trends and the unique needs of their organizations. By fostering security mindfulness, building credibility and influence, and engaging effectively with the board, CISOs can drive meaningful change and create a strong security culture within their organizations. As Rupa emphasizes, the new CISO’s role is “not something that can be taught or learned in any school. It’s something where you evolve and grow with the business and with the trends that are happening around you.”