When I started my career as a CISO many years ago, the skills required to be a good cybersecurity worker were easily defined. Typically, I would look for a solid network engineer with a propensity for security. Let’s face it, technical skills rules, as all the threats were technical. We didn’t worry about social skills, in fact I used to joke that I had people that we kept in the back room … once a week we would throw a box of donuts over the wall and they’d be happy.
Those days are long gone. As the threats have morphed, so have the skills necessary for an information security professional to be successful. One network engineer I hired as a security engineer has worked with me for 15 years across four companies. I’m also working with compliance and other security professionals for the second time. I’ve been blessed with great talent.
Come to think of it, being a comic book aficionado in my leisure-time pursuits has sublimely influenced my personnel decisions in hiring and retaining great talent. Here are the characters who make up my “Cyber Security Superhero Dream Team”:
Captain Visio: This superhero exhibits a razor-sharp ability to anticipate emerging threat levels, while keeping in mind current business needs, benchmark information, emerging regulations, and a crystal-clear view of chart to path. Visio knows better than anyone security is no longer static, and understands that the business environment is changing faster than the sandbars on the river of cyber threats. This archetypal visionary leader is critical to the success of any cybersecurity program.
Metric Man: MM knows that data provides the basics for security decisions. He goes the extra mile to understand what the data means, so the company can balance risks and rewards. By relying on data, MM avoids gut-based decision-making and neutralizes internal politics with ease. Primary weapon: Indisputable data to help the organization’s cybersecurity program improve and grow.
Admiral Uptime: The Admiral recognizes that it’s not just security that is important, but having systems up and available for deployment before and during a crisis is the true mission of the security group. It’s not just about Security, but also Resilience. Resilience allows your systems to thrive, not just survive in today’s increasingly caustic cyberspace.
Crypto: Crypto has the superhero ability to obfuscate any data at rest or in transit. Recognizing the importance of protecting data from prying eyes and hackers, Crypto uses superpowers to stop cybercriminals dead in their tracks, getting the most value out of IT security tools and techniques.
Informa: She recognizes the power of business information and the importance of understanding how it is used throughout the organization. She heads off danger before it rears its ugly head, magically fixing corrupt data. Her superpowers are an innate ability to mitigate in the moment, while maintaining the integrity of data.
As CISO, I’ve always looked at myself as just a member of the team. Each member plays a specific critical role. Don’t let the CISO title go to your head. Lead by example. Security requires commitment and a solid “The Buck Stops Here” attitude. Don’t expect your people to perform better than you. They look to you for leadership. Find highly principled people with a great work ethic, and all missions will be accomplished.
This is just the beginning of the saga. You need to identify your superheroes and give them the training and environment to refine and hone their skills. Remember to lead the team from within – not from the top – and you will be a superhero in your own right. Soon to be a major motion picture … we can always dream.
About Gene Fredriksen
Gene Fredriksen, CISO for PSCU, has over 25 years of IT experience, with the last 20 focused on Information Security. Fredriksen held the positions of Global CISO for Tyco International, Principal Consultant for Security and Risk Management Strategies for Burton Group, Vice President of Technology Risk Management and Chief Security Officer for Raymond James Financial, headquartered in St. Petersburg, Florida, and Information Security Manager for American Family Insurance.