Intelligent CISO Issue 73 | Page 72

END-POINT ANALYSIS

THE CHANGING CISO SKILLSET – COMMUNICATION IS PARAMOUNT

Marc Lueck, CISO EMEA, Zscaler, explains that while historically the role of CISO has demanded a fervent dedication to security, contemporary requirements extend beyond mere security expertise. Today, effective CISOs must also excel in business leadership and communication.

The changing CISO skillset is by no means a new conversation. Indeed, over the past decade, there has been a gradual but notable shift in what the role entails. Where once it might have been known as the role that says ‘no’ and was blamed for any perceived or real security incident – the title was famously said to stand for Chief Impeding Sacrificial Officer.

Increasingly, the key to being a modern CISO isn’t cyber-related at all. Instead, it is about having the ability to understand and distinguish between the different modes of communication required to serve the ever-expanding needs of the workforce and business. Faced with a faster-evolving threat landscape than ever before, communicating upwards, sideways and downwards about risk level is crucial for any CISO looking to keep their organisation secure.
Communicating upwards
As my colleague pointed out in a recent related article, lately there has been an industry-wide focus on the growing role of CISOs as educators for their board of directors. As more governments consider sweeping cybersecurity regulations, organisational leadership is looking to CISOs for guidance on how to react. This is a welcome shift from the more transactional interactions CISOs had with boards 10 years ago.
Staying on top of the latest cybersecurity developments is challenging, and predicting the legal and financial implications of various existing and proposed pieces of cybersecurity legislation can be particularly mind-bending. Many recent cybersecurity regulations, for example, only apply to government agencies, but this does not mean they will have no impact on the private sector. When the government adopts a regulation, it often rejects partnerships with any organisation that does not meet the same standard.
In this sense, businesses seeking government contracts are also governed by cybersecurity regulations that affect the public sector. Some examples of this are DORA, SREN or NIS2. The NIS2 Directive – the EU-wide legislation on cybersecurity – is supposed to boost the overall level
72 | www.intelligentciso.com