Five Critical Skills a CISO Must Have in the Digital Age
With the third wave of the pandemic upon us and remote work models becoming the common norm, cybersecurity threats are at an all time high. It is reported that cyber-crimes in India have shot up by 500% and India is one of the top 3 attacked countries in the world as far as cyber-attacks are concerned. The role of the Chief Information Security Officer (CISO) has evolved, and at the current stage it involves perceiving and addressing cybersecurity threats as business risks.
So here are 5 critical skills a CISO should have today in order to thrive in the years ahead.
1. Vulnerability Assessment Skills
Innovating and leading security assessment activities has become crucial for all organisations in the current business environment. With effective assessment programs, an organization can understand its security weaknesses, assess the risks associated and put measures in place to reduce the chances of a breach. As the leader of the organisations’ digital realm, the CISO will need to spearhead all of the above. Knowledge of assessments like Vulnerability Assessment & Penetration Testing (VAPT) will be critical.
2. Distributed Services Management
With the pandemic, both the workforce and workplace have become dispersed. The CISO will require experience of working in a distributed setting with key teams spread across multiple geographies. This will need to be accompanied with the knowledge of massively scalable distributed tech products. As an extension of this, user and access management (including admin, supervisor and vendor access) to the company’s data and in-house interface will also become an important consideration.
3. An Eye for Advancing Tech Trends and Emerging Threats
Staying on top of new tech trends in your industry is essential for driving innovation, accomplishing business goals and remaining one step ahead in the game. The CISO should constantly evaluate the latest technologies and find innovative ways to build cyber resilience. Along with having the knowledge of a distributed security network, the CISO will also need to educate staff members on information security awareness including how and who to report to, if they believe that there is a possible threat.
4. Proven Technology Leadership and ability to Architect teams
McKinsey reports that we have vaulted five years forward in consumer and business digital adoption in a matter of around eight weeks. Many organisations are still in the foundation phase of setting up their digital pillars. This requires agility and immense/absolute knowledge about technology and cyber threats to incorporate security from the very beginning. The CISO will need to build tech teams and systems that are resilient & secure, while also ensuring fast paced scalability to stay competitive.
5. A Common Organizational Data Language
Building a strong cybersecurity team requires a leader to be efficient in leveraging talent, while also clearly communicating tech objectives and goals. The CISO should be able to explore a ‘common organisational data language’ for achieving maximum success across regions and sizable teams. This ensures that there is a common understanding of criticality and vulnerability. If all team members are technically tuned together, communication & execution of each specific goal becomes faster and more efficient.
The success of the CISO relies on his/her digital ability as much as the aptitude for uniting teams and encouraging people to embrace new technology. This means that a CISO will need to maneuver seamlessly among varied teams and related tech based threats to truly emerge as a change agent in 2021.
(The author is Managing Director APAC at Catenon and the views expressed in this article are his own)
