The O in CISO is for Organizational Savvy

I started a series where I depict the meaning of the CISO acronym to me starting with the article “The C in CISO is for Connecting” followed by “The I in CISO is for Influence” and “The S in CISO is for Service, for Servant Leadership.”. Today I close the series with what the O means to me, which I hope many agree it stands for Organizational Savvy.

As a leader in of your organization’s leadership team and someone delivering a program that will impact the organization in different ways, a CISO must understand the way the company operates; its culture; its customers; its key players; and really to wrap it all up together, the company’s “Why”; or what I call “the ways of the force”. Want to be an influential leader in the organization? “This is the way”.

One of the key traits we always point out that cybersecurity professionals must have is curiosity and that applies to the CISO as well. Be curious about why the company does what it does, how they do it, who does it. Without the understanding of the intricacies of the company it will be hard to build and deliver a program that is aligned with the strategic objectives of the organization and that is supported by the leadership team.

There are many ways to go about this process and a lot depends on your leadership style and also the culture of the company. Here are some approaches that have worked for me in my career:

• Early on, stablish an expectation with your supervisor that you would rely heavily on him/her to learn why and how we do what we do; you must learn “the ways of the force”.
• Ask your supervisor for intros or at least identify key stakeholders across the company that you need to establish relationship with to gain understanding of operations and gain support for your program.
• Identify an internal Mentor. I cannot emphasize this enough. Do not rely on your supervisor only. Go seek out other influential leaders and ask them to mentor you and help you understand “the ways of the force”.
• Identify influential or organizationally savvy team members and peers that can help you establish connections and relationships and even deliver messages through them.
• Understand internal learning opportunities offered at the company. For example, I have taken internal classes on Law Firm 101, Claims School, internal leadership development programs, etc.
• Go do a tour with the main operational teams. For example, when I worked in a company with property management operations I would go on property tours with the property managers in different cities to understand what was important to them. Or if you ware in insurance for example, go on a property inspection and learn what adjusters do.
• Take advantage of internal volunteering opportunities to get to know people across the company and build relationships.
• Take on leadership opportunities on efforts outside the security program. Maybe there’s a caproate event you can organize or MC, like a townhall; maybe you can be part of the leadership of a corporate initiative like diversity & inclusion. I bet there are many opportunities. This is important to build your internal brand and let people know that you can contribute beyond security.

The are many ways to accomplish this. The point is that you really want to put a lot of effort and most of your time on understanding your company if you want to contribute to the overall mission of it, which is your ultimate goal as a leader anyway. Do understand that this process takes time. In my experience it takes around six months to start getting to know the organization and a couple years to be completely comfortable with the corporate culture but that should not slow your progress down as long as you collaborate with others and accept that you need help to develop a security program that is aligned with your companies goals. “This is the wat” to influence and deliver value to your organization.

I hope you enjoyed this series and that it helps you in your CISO and leadership journey.