On today’s episode, we are joined by Andrew Obadiaru, CISO and Head of IT for Cobalt. Andrew discusses using soft skills to build connections within an organization.
Two Roles in One
Andrew discusses what it’s like to oversee both security and IT. The fields overlap in many ways and differ in others. He’s not the only guest who has taken on this joint role of security and technology. Andrew explains how depending on the industry and the size of the company, having one person managing both departments can either be extremely helpful or burdensome.
For those entering that joint role with background in only one field, Andrew emphasizes getting to understand why IT or security is important and how it operates. With the help of good managers, you can overcome your lack of experience.
Challenges in Perspective
Andrew chats about the challenges in the industry, mainly how cybersecurity departments must prove their worth to their own company. Only when there’s a breach do many businesses see the importance of cybersecurity. As cybercrimes can happen due to anyone’s actions within an organization, it’s especially important to convey the purpose of the department.
Andrew believes that if you can point to related data points — for example, how cybersecurity impacts the ROI – then you can properly convince others of its value add.
Developing Soft Skills
When selling the idea of cybersecurity to the rest of an organization, Andrew says to lean on soft skills. Learn the right balance between technical and business language to express yourself when talking to executives. Andrew encourages CISOs to focus on understanding concepts and get into the more technical details only if asked.
When entering budgeting meetings, your approach must be different than it is for other topics. Andrew encourages CISOs to really understand the crown jewels of the organization, as well as its risks. When you can figure out what’s valued within the company and how well – or not well – it’s protected, then you can properly convey what you need.
If you’re entering a routine optics meeting, you want to outline the current threats that the industry or competitors have seen and discuss how you plan to mitigate those.
Prior to entering a budgeting meeting, it’s important to have allies on your side. This doesn’t mean just someone who you ask to back you before the meeting begins. Andrew stresses that building connections and creating allies can take weeks or even months and should look like you conveying to leaders how cybersecurity will impact their departments. So when asking for a larger budget and explaining why, the other department heads will understand the relevance and are more likely to back you.
Andrew has a background as an auditor, which he feels has benefitted him greatly. As he moved further into his career, he has found that his exposure to difficult conversations around money have helped him with his work now. He doesn’t feel intimidated, as he knows how to discuss difficult topics. Andrew believes that having a diverse background can be helpful in handling interpersonal relations or even conflict during meetings.
Maturity vs. Efficacy
Andrew differentiates a mature organization from an effective one. A mature organization may have a lot of documentation, repeatable steps and other solid processes. However, maturity within in an organization doesn’t always point to how effective they are in a crisis.
“Are We Secure?”
Oftentimes, the CEO or other execs will ask “are we secure, now?” Andrew shares his advice on how to answer without making promises you can’t guarantee. If asked this question in an interview, Andrew explains how sharing a plan of action may be the most impactful answer.