The New CISO’s Role: Building Security Mindfulness, Credibility, and Influence

In episode 85 of The New CISO, host Steve Moore was joined by guest Rupa Parameswaran, former Head of Security at Amplitude and current VP of Security & IT at Handshake. Rupa shares her journey into cybersecurity, her experiences, and her top tips for boosting security mindfulness in any organization. In this blog post, we’ll explore the key takeaways from Steve’s conversation with Rupa and share her practical advice for security leaders.

In this article:

• From pilot dreams to a love of computer engineering
• Security mindfulness: the foundation of a strong security culture
• Building credibility and influence: the key to effective security leadership
• Engaging with the board: balancing facts and emotion
• Conclusion

From pilot dreams to a love of computer engineering

Born and raised in India, Rupa initially aspired to become an Air Force pilot, but eventually found her passion in computer engineering. After completing her undergraduate studies, she was given the opportunity to work on an AI project for a professor at the esteemed Indian Institute of Science, which led her to pursue her Master’s and Ph.D. at Georgia Tech in the United States.

Rupa discusses the changing landscape for women in India and emphasizes the importance of finding one’s passion and building a support network. She acknowledges that India has traditionally been a male-dominated society, but improvements in attitudes towards women pursuing their careers have emerged, especially in urban areas. Rupa’s mother, who faced many challenges growing up as the youngest and only girl in a family of nine children, instilled the importance of parental and societal support in children’s upbringing. “She spent a lot of her life fighting to be recognized, fighting for independence,” Rupa says about her mother. “If she had a little more support, she would’ve been a doctor today.” Because of this, Rupa says, her mother was determined to make sure that if she had a child, they would be supported in everything they wanted to do. Rupa considers herself lucky to have had her mother’s support growing up.

Security mindfulness: the foundation of a strong security culture

According to Rupa, security mindfulness is the cornerstone of a strong security culture within an organization. She defines security mindfulness as “where security is at least thought of.” The goal is to ensure that everyone in the organization is aware of security concerns and incorporates them into their decision-making processes. As she explains, “If someone’s willing to spend those five minutes at least thinking about security, I’d say I’ve won the security mindfulness game.”

To cultivate security mindfulness, CISOs should strive to:

• Raise awareness —Hold regular meetings, workshops, and tabletop exercises to educate employees on potential security risks and the importance of considering them in their daily work.
• Build allies — Develop relationships with key stakeholders across the organization, such as engineering teams, product managers, and executives, to ensure that security concerns are adequately represented in strategic discussions and decision making.
• Create security champions — Identify and empower employees who are passionate about security to become advocates and evangelists for security mindfulness within their teams.

Building credibility and influence: the key to effective security leadership

Rupa emphasizes the importance of credibility and influence in driving security initiatives within an organization. She notes, “Credibility, to me, is more about building that trust among the people that you have to work with.”

To build credibility and influence, a CISO should:

• Understand the business — Demonstrate a deep understanding of the organization’s products, challenges, and objectives. This will help establish the CISO as a trusted advisor who can provide relevant and practical security guidance.
• Leverage data — Use data to support security recommendations and decisions. This will help the CISO demonstrate the value of security initiatives and justify the investment in resources.
• Prioritize and deliver — Focus on high-impact security initiatives and consistently deliver on commitments. This will help build trust and demonstrate the CISO’s ability to execute effectively.
• Communicate effectively — Speak the language of the business and present security concerns in terms that resonate with the audience. This will help the CISO build rapport and ensure that security messages are understood and acted upon.

Engaging with the board: balancing facts and emotion

When presenting to the board or executive leadership, Rupa advises CISOs to strike a balance between delivering facts and evoking emotions. She suggests using the “shock and awe” approach, which involves highlighting a critical issue and quickly following up with a solution. However, Rupa also cautions that it’s essential to “understand what clicks and what doesn’t” with the audience and tailor the approach accordingly.

To engage effectively with the board, CISOs should:

• Build one-on-one relationships — Develop personal connections with board members and executives to better understand their perspectives, concerns, and expectations.
• Emphasize security as an enabler — Present security initiatives as a means to support the organization’s success and create value for customers and stakeholders.
• Use the right language — Communicate security issues in terms that the board can understand, avoiding jargon and focusing on the business impact.
• Be solution-oriented — When presenting potential risks, always follow up with actionable solutions to demonstrate the CISO’s ability to address and mitigate security threats.

Conclusion

Rupa Parameswaran’s insights serve as valuable guidance for individuals looking to carve their own path in their careers. The role of the new CISO is always changing, requiring security leaders to adapt to shifting trends and the unique needs of their organizations. By fostering security mindfulness, building credibility and influence, and engaging effectively with the board, CISOs can drive meaningful change and create a strong security culture within their organizations. As Rupa emphasizes, the new CISO’s role is “not something that can be taught or learned in any school. It’s something where you evolve and grow with the business and with the trends that are happening around you.”

Listen to the Podcast

To hear more of her insights and experiences, listen to the full episode or read the transcript.