This is an Executive Report of the Senior Security Leader cohort on August 13, 2024. This report captures the essence of the discussion, focusing on the major topics, challenges, and potential solutions discussed by the participants, who were supported by SME and LinkedIn Top Information Security Voice Petri Kuivala.
Fourteen senior security leaders participated actively in the conversation about the following topics:
1. Finding Your Ikigai and Career Focus
2. Technology Competence for CISOs
3. Effective Reporting to Senior Management
4. Cultural Challenges in Cybersecurity
5. Personal Development in Challenging Environments
Perspectives and experiences were shared on whether to focus on broad or narrow career paths, or leadership roles. Special emphasis was placed on aligning personal mission with job mission, managerial support, and life goals.
It's important to remember that this development and discovery applies to everyone. Even if a tenured CISO is centered in their place and path, their people are probably on this journey. To be an impactful leader, you will want to help others find their Ikigai and career focus. In doing so, engagement and positive workplace culture will emerge.
1. We recommend reading about Ikigai: Finding Your Ikigai: 8 Questionnaires and Tests (https://positivepsychology.com/ikigai-test-questionnaires)
2. Petri: “I have always considered three topics per Bret Arsenault guidance”
a. Is the mission of the new job in line with my personal mission?
b. Will my manager defend and help me to reach my goals?
c. Will my job enable me to achieve my personal life targets?
3. One test is: are you proud to tell others about your work, and do your eyes shine when you do (are you passionate about it)?
Being a good CISO isn’t just about having top-notch technical chops. Sure, technical skills are important, but they’re just one piece of a much bigger puzzle. We didn’t dive too deep into this, but it’s clear that there’s no one-size-fits-all when it comes to how technical a CISO needs to be.
What really matters is having a big-picture view and a sharp awareness of your surroundings. These are the tools that help you figure out the skills you need to succeed - and not just for yourself, but for your whole team, including what level of technical know-how is necessary.
Take Petri, for example. He’s a former police officer and lawyer, not your typical tech guru, but he’s always been “dangerous enough to ask the right questions” when it comes to tech. Do you need to be as technically skilled as Petri? Probably not.
The point is, there’s no need to beat yourself up if you don’t have every technical detail at your fingertips. The pace of change today is relentless, and it’s impossible for everyone to keep up with everything.
What’s crucial is knowing where to turn when you need answers. Instead of trying to be a one-person show, lean on your peers. The collective knowledge of your network is like having a safety net—it’s your Survival Equity.
The most successful CISOs aren’t the ones who know everything; they’re the ones who know where to find the answers. In the end, it’s about being smart enough to ask for help, wise enough to know who to ask, and confident enough to bring it all together for the success of your team.
Recommendations on resources for effective reporting, such as Gartner Outcome Driven Metrics and insights on focusing reporting on key topics.
1. We recommend reviewing What's on Top of CISOs Mind's for July 2024, as it is packed with information and resources on this topic.
2. We recommend checking the Gartner Outcome Driven Metrics (ODM) webinar. Petri also has a draft commentary on the webinar with his insights, attached to this message.
3. The Life as a CISO Podcast was recommended by one of the participants with the comment that “We CISOs can have a tendency to go too much into the weeds….”
The difficulty and importance of building a security culture, strategies for cultural transformation, and the role of psychological safety and leadership communication.
1. The discussion revolved around the importance of building a stronger security culture, the challenges involved, and how slow it can be.
2. One of the best Cyber Security Culture speeches Petri has seen: https://www.youtube.com/watch?v=1hSEZ9DcGa0
3. A “recipe” on how to change any culture by Simon Sinek: How to start a cultural transformation? - YouTube
4. Every company has its own culture. Petri recently tried to understand the components of a culture and one of the best generic studies about workplace culture is described in the book Diagnosing and Changing Organizational Culture: Based on the Competing Values Framework.
a. Petri: I think the core of Cyber Security culture emerged from: How the company approaches Psychological Safety and how the Leaders lead with (good or bad) example and how they communicate (supportively or ignorantly) about the topic.
b. There are easy ways to build “Positive brand around Security” e.g. by positively engaging people and using gamification in a friendly way. See e.g. the results of Qualcomm who took this approach: CONGRATULATIONS! Qualcomm wins CSO50 Award Recognition with phishing training for riskiest employees.
The most successful CISOs engage in a positive way and enable people to be the “shield carriers” next to them.
The group discussed the importance of curiosity, continuous learning, and leveraging skills developed in previous roles, especially when transitioning from governmental to corporate environments.
1. We recommend you visit the Ikigai topic and be honest with yourself about whether “you have a feeling of being stuck or a feeling of positive safety”: 8 Questionnaires and Tests (https://positivepsychology.com/ikigai-test-questionnaires)
2. Participating in Round Tables, reading, and in general just being curious about the world is the way to stay up to date.
3. Petri: When I moved from Governmental (Police Computer Crime unit) to Nokia, one of my strengths was the capability to
a. Do clear interviews (interrogations 😉) and
b. Document them in a manner in which people understood difficult topics. Remember, even if you might sometimes be frustrated, you have most probably developed skills that are rare on the “other side”.
In the end, it’s about being smart enough to ask for help, wise enough to know who to ask, and confident enough to bring it all together for your success and that of your team.
Taking advantage of a one-on-one conversation with Petri is wise. The conversation topics are set and directed by you.
Ask Petri Kuivala about any challenge you have. Petri works with boards, CISOs, vCISOs, global CISOs, VP Information Security, VP IT Security, Security Awareness Directors, Director of Security Awareness, Cyber Security Architect, Behavior and Culture, and Human Risk Managers, assisting them in discovering new thinking….
Cyberthreat Case Study Deep Dive
Learn as Petri Kuivala walks you through a real-life cyberattack case involving a nation state called Panda, which was related to a larger M&A case between two large companies. See the several-year hacking timeline and a high-level overview of how it happened and mistakes that could have been avoided.
Learn:
How to be prepared when the “s” hits the fan
How to be the successful CISO at the time of the storm
The most important things to do to prevent a cyberattack in the first place