Skip to content ↓ | Skip to navigation ↓

So, you’re a CISO. Now what? What got you there will not keep you there – the time for evolution is here.

Much like special operations, operators of “CISO” are continually evolving. “You have to be uncommon among the uncommon.”

Once you get to that level, you need to stand out even more. For example, once a special operator gets to an elite level, such as the Navy SEALS Team, Special Forces Groups, Ranger Battalion and MARSOC teams, they need to not only bring the formal ways of combat and operations with them but also bring innovational ways to step and think outside the box.

Cross-growth into CIO and CTO duties and even into risk management and strategy is now more common place for CISOs. That’s because it’s important to demonstrate value of the CISO position not from both a security and business prospective.

To illustrate, it is critical for the CIOs to take into consideration the business operations momentum, processes and overall “the way business is done” when providing a security prospective. For example, we have seen healthcare companies and healthcare startups take on both roles and blend the positions of CIO and CISO together. This helps merge business and security into a single role.

Under that new combination, two business needs can be addressed and handled, which is important to the CIOs but also to the business and the organizational culture.

There are many actions and approaches a CISO can take when it comes to the “evolution” process. Below are some recommendations from my experience.

First off, stand out and stand up. Speak and provide some sort of engagement not only at the C-Level but also at the level of the end user. If you are a call center CISO, step of out of your office and engage in some sort dialog with the end user.

Second, engage users about their level of security awareness. Ninety-four percent of CISOs found that active investment in user awareness and education is needed to ensure a successful security posture.

Third, look into other business line responsibilities and see how you can consume their responsibilities and roll them up into your security practice. This presents its own challenges, of course. Recent studies also show that 74 percent of CISOs might experience frustration trying to keep their company secure while trying to innovate.

Overall, it is vital for the CISO to be the protector and seen as the “helper” for security and not an obstacle. Get uncomfortable in an uncomfortable position. Step outside in the cold, go down the trail of the unknown, and be the outsider.

Be the “uncommon among the uncommon.”


Ricoh DanielsonAbout the Author: Ricoh Danielson is a U.S. Army Combat Veteran of Iraq and Afghanistan. As a digital forensic expert in cell phone forensics for high profile criminal and civil cases, Ricoh has a heavy passion for information security and digital forensics that led him to start up his firm (Fortitude Tech LLC) in the middle of law school to become Phoenix’s heavy hitting digital forensic powerhouse. He is also a graduate of Thomas Jefferson School of Law, Colorado Tech University, and UCLA Anderson School of Management.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.