Do CISOs need an image makeover?

In a recent interview with TEISS, Channel 4’s CISO, Brian Brackenborough, said that the greatest misconception about his job is that he’s seen as the “anti-fun police”.

And apparently he is not alone. New research commissioned by Thycotic shows that the majority of UK IT security professionals feel that they’re suffering from an image problem amongst fellow workers. The report highlights the challenges CISOs currently face and gives some tips as to what can be done differently and how.

The research, conducted with 100 UK IT security decision makers, found that:

  • Nearly two thirds of respondents (63%) feel that their security teams are viewed as the company naysayers
  • More than a third of respondents (38%) believe that they’re viewed as the ‘policemen.’
  • Over half (56%) feel that they’re restricted by the board

Commenting on the findings, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic, notes, “At a time when security teams are under huge pressure and play an increasingly strategic role within the company, it’s disappointing that they’re not feeling valued either by their co-workers or by senior executives.”

Communicating with the board – it’s all tech to me

Joseph explains that the issue is that executive teams tell security personnel to solve the cyber security problem. “But that is an impossible ask to anyone. Any organisation that tries to solve cyber security is never going to be successful; you cannot solve it,” he states.

“The board does not care about security, they don’t care about solutions or technology. What they really care about is return on investment,” he explains.

The problem lies in communication. Information needs to be presented in a way that the board understands; in business language without being overly technical, he advises.

‘Facilitators’ rather than ‘enforcers’

The study found that security professionals are also struggling to promote their value to other departments in the business. 90% believe that other departments could have a better understanding of what they’re trying to achieve, whilst an equally high majority (88%) feel that it could be easier to communicate their views to executive management in other functions such as HR and Finance.

Unfortunately, some employees view the CISO as making their job more difficult and preventing them from doing their work. “There’s a need for IT professionals to communicate their strategic importance and how they must reinvent themselves as ‘facilitators’ rather than ‘enforcers’ who enable the business to run smoothly,” Joseph explains.

Furthermore, Joseph thinks that each team in the organisation must get better at reporting risk so the CISO can effectively put the right measures in place to reduce the risk.

Win some, lose some

In an industry that’s plagued with horror stories, Joseph also suggests that security leaders should be talking more about their successes and the wins that they make in an effort to boost their image and receive more support and backing from the board.

He also considers communication skills training for CISOs to be a well-spent investment.

The full report can be read on the Thycotic website.

Copyright Lyonsdown Limited 2021
