Last month I started a series where I depict the meaning of the CISO acronym to me starting with the article “The C in CISO is for Connecting”. This was a result of me running surveys on this topic and reflecting not only on the results but also on my approach to leading a cybersecurity program and team. As I reflected on the results of the survey on the I in CISO I realized that I really didn’t capture my approach. First, let’s take a look a that survey:
When I look at this chart I realize that I actually failed at identifying its true meaning, to me, of what the letter I in CISO is. While I believe that all four options presented are important to be a successful CISO I believe that the I in CISO stands for INFLUENCE.
Building Trust. In my opinion, this is the foundation of relationships and influence. However, earning Trust is also the hardest thing to achieve in any relationship. As I wrote in my last article, John Maxwell defines Connecting as “the ability to Identify with people and Relate to them in such a way that it increases our Influence in them”. Connecting with others is one of the things that has worked for me best because I am intentional about making those meaningful connections and understanding what’s important to the people I work with. There are other ways to earn trust such as delivering result and value; but being empathetic and intentional about connecting with others has been the key to my success as a leader who can both influence others and, can be influenced by others as well.
Empowering Others. Many people believe that leadership is about making decision and I going to kindly disagree with that notion. Sure, it is an important part of it and something that we as leaders do everyday. However, as an awesome CEO once told me the key is to have the right team around you whom bring their experience and expertise to compliment you. The leaders’ role is to keep an eye on the guardrails that you establish with the team and then empower them to make decisions based on the vision and mission that the team is pursuing. You hired them because you had every reason to believe they were experts in their field and would add value to you and the organization. Let Them!
Your influence Circle. CISOs, like most C-level leaders, have an extremely wide influence range. We interact and have the opportunity to influence people from all areas of the organization in our daily interactions. We talk with business unit leaders, vendor management, legal, IT, HR, you name it; we support them all and usually are in constant communication with them either directly or through our team. Let’s not forget that and the fact that we lead a Team of Teams. Don’t think so? how about a look at this short list of some of the members of your “core” stakeholders such as:
Influencing the Culture of the Organization. In my option, the ultimate goal of the CISO is to influence Cultural and Organizational Change. Leading others to make educated risk-based decisions will come a long way to improve the security posture of the organization. This really comes down to all of the things that we have gone through in the article such as connecting and building trust; empowerment; and influencing your core stakeholders. How do I know that we are influencing others?
A Few Closing Thoughts On Influence.
There are many signs that can reveal your ability to influence others. Keep working on your influence skills; you will need them whether you lead a team or not. Keep practicing and failing if necessary; keep connecting, empowering and getting closer to your core team!