The New CISO Podcast Episode 89: Be Comfortable Being Uncomfortable: Managing New Roles and Next Steps with guest Mike Kelley
Podcast Transcript | Air Date April 20, 2023
Listen to Steve and Mike discuss how leaders should assist their team with career development and why “fake it until you make it” makes for bad career advice:
Meet Mike (1:44)
Host Steve Moore introduces our guest today, Mike Kelly.
Mike shares his role in the enterprise and consumer-based security field and how his duties differ from those in an internal security environment. Although he would say that consumer-based security is not clearly defined, his goal is to keep all things related to the consumer secure, in addition to the typical CISO goals.
His Start (3:36)
Before working at E.W. Scripps, Mike worked at KPMG, one of the big four firms. There, Mike performed external audits but also did some compliance consulting as well.
Although no one wanted an auditor there, especially to answer his questions, Mike had to work on building a rapport with people in difficult situations. Through this role, Mike was exposed to numerous companies, allowing him to learn constantly. He may not have wanted to start in audits if he could do it all again, but this experience prepared him for his cyber security career.
Adapting With Transparency (9:02)
Mike has become comfortable with being uncomfortable and transparent when he doesn’t know something. When he got his CISO job, he told HR that this position was new to him and that he had a lot to learn.
Being confident enough to say “I don’t know” is Mike’s mental motto because he knows he can adapt to new challenges. Ultimately anything is learnable as long as you push yourself, a mentality he encourages in his team.
The Burn the Boats Method (17:42)
After reflecting on his career decisions, including telling a company to fire him if he didn’t succeed as a director, Steve presses Mike on how he would react to someone sharing this approach.
If one of Mike’s employees wanted to try a position out and see what happens, Mike would like to ease them into that role. He would let them transition through responsibilities first before changing that person’s title. Ultimately, trying and failing is okay, but Mike wants his team to fail soft versus hard.
Falling Into Cyber Security (21:42)
After looking for cyber security jobs for three years, Mike eased into this field through a position in compliance. Working side-by-side with security professionals, Mike was able to dip his toes.
After lunch with his manager, he was offered the CISO role, and Mike immediately said yes. Mike admitted he didn’t know what he was doing but was encouraged to take this job.
Rolling With It (25:01)
Steve asks Mike if he ever wishes he said no when offered the CISO job. Mike knew this was the field he wanted to pursue, and he felt comfortable being transparent about his experience.
Interview Questions (31:18)
If you are a new CISO wanting to ask good questions in an interview, Mike suggests asking the purpose of that role at that company. Another helpful question concerns the company’s approach to trying new things and handling challenges.
The Definition of Success (34:13)
When evaluating a company during an interview, it’s essential to find out what that company’s definition of success is. Mike defines success as being aligned with the business that employs you and being seen beyond the security status.
The Important People (36:50)
If you don’t know where to start when beginning a new position, Mike suggests finding out who has influence in the organization and who delivers results.
Once you know who those people are, you can nurture those relationships and get their input about the initiatives you want to implement.
Bad Advice (42:21)
The worst advice Mike received was “fake until you make it.” Although that approach may have good intentions, it is better to be transparent about your abilities.
A quick way to imposter syndrome is to fake it. When you have humility, more people are inspired to help you toward your career goals.
The New CISO (44:04)
To Mike, a new CISO is getting close to your organization’s strategic direction and getting an opportunity to take that to the next level. Having a leadership position is how he defines a successful CISO.
Links mentioned: