
The 4 Habits of Highly Effective CISOs

Michael Gleason

I spend my days (and nights) explaining how the strengths of the cloud - high availability, scalability, and interoperability - can help us overcome what is often considered its greatest weakness: security.




Necessity is the mother of invention – and the genesis of the Chief Information Security Officer role is a perfect example. With a continually increasing number of threats and breaches, today’s institutions need strong information security leadership more than ever before. As such, CISOs have become as vital to organizations as revenue-driving roles.

Contemporary security professionals understand their value extends beyond the orchestration of virtual defense mechanisms. CISOs hold a great deal of power over the technological direction of the modern enterprise. Today’s businesses see a monumental opportunity to adopt technology to transform their organization, meaning CISOs have an opportunity to not only improve corporate security, but to drive and advance technology adoption.

Thus, the modern, effective CISO is born. To succeed, this individual must:

1) Think and Act Like An Executive

The contemporary CISO has emerged from the annals of the IT department and into the executive suite. More than ever before, CISOs have a high level of influence over organizational strategy, engaging with fellow C-level executives, board members, and corporate counsel. As such, speaking to broader business initiatives and articulating a strategic vision that resonates with these individuals is a requisite. Demonstrating ROI, or (to use a new addition to the Info. Sec. vernacular) Return on Security, becomes crucial.

CISOs must be comfortable interacting with a host (no pun intended) of individuals, from customers, to partners, to law enforcement agencies, to the public at large. The related activities could involve anything from communicating the strength of your corporate information security to customers and partners, to a full-fledged response following a large-scale data breach.

2) Work With The People

It’s simply not enough to be an active member of the executive team. Today’s security officers need to align their priorities and projects with the everyman. Considering the impact of organizational technology and security initiatives on employee productivity is crucial. This ranges from understanding the day-to-day realities of security administrators to implementing company-wide IT initiatives that evolve not only corporate security, but user productivity and even employee satisfaction.

Getting buy-in from an entire institution is a considerable challenge. For security initiatives to succeed, this challenge must be overcome, which brings us to the next CISO must…

3) Be An Enabler

Historically, CISOs were the last stop on a long journey to institute new technologies company-wide, relegated to one of two reputations: the perennial naysayer, or the proverbial rubber stamp. The push and pull between CIOs (looking to propel the business forward through technology adoption) and CISOs (pushing back on the basis of security concerns) is changing, as the two roles now align with one another.

As the CISO role has developed, the responsibilities associated with the job have evolved from tactical information security activities to strategic business enablement and user empowerment. In many ways, the success of a CISO relies on their ability to enable the business to adopt more technology. Doing so securely represents their piece of the puzzle.

4) Be Daring

The bleeding edge of technology isn’t as bloody as it once was, making early adoption a more compelling option for companies looking to arm their employees with powerful tools. CISOs join the business conversation through converting the possibility of powerful new technology to a reality. To do so, the modern CISO balances security with user enablement – and a bit of daring.

Cloud technology is a terrific example. Old-school security professionals laughed the public cloud off as a practical impossibility, even a fad. Meanwhile, forward-thinking CISOs asked themselves: how can we harness the benefits of cloud computing securely? Fast forward three years and the dinosaurs are playing catch-up while the modern CISOs are being credited with enabling massively transformational technology enterprise-wide. Now, about that key to the executive washroom…

Ready for more?

In our CISO’s Guide to Cloud Security eBook, you will:

  • Learn the characteristics and priorities of today’s forward-thinking security leaders
  • Obtain actionable guidelines to initialize and execute an effective cloud security program
  • Be empowered to bring it all to life with a formula to measure the impact of security efforts in every organization

