Do CISOs need an image makeover?

Do CISOs need an image makeover?

In a recent interview with TEISS, Channel 4’s CISO, Brian Brackenborough, said that the greatest misconception about his job is that he’s seen as the “anti-fun police”.

And apparently he is not alone. New research commissioned by Thycotic, shows that the majority of UK IT security professionals feel that they’re suffering from an image problem amongst fellow workers. The report highlights the challenges CISOs currently face and gives some tips as to what can be done differently and how.

The research, conducted with 100 UK IT security decision makers, found that:

  • Nearly two thirds of respondents (63%) feel that their security teams are viewed as the company naysayers
  • More than a third of respondents (38%) believe that they’re viewed as the ‘policemen.’
  • Over half (56%) feel that they’re restricted by the board

Commenting on the findings, Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic notes, “At a time when security teams are under huge pressure and play an increasingly strategic role within the company, it’s disappointing that they’re not feeling valued either by their co-workers or by senior executives.”

Communicating with the board – it’s all tech to me

Joseph explains that the issue is that executive teams tell security personnel to solve the cyber security problem. “But that is an impossible ask to anyone. Any organisation that tries to solve cyber security is never going to be successful; you cannot solve it,” he states.

“The board does not care about security, they don’t care about solutions or technology. What they really care about is return on investment,” he explains.

The problem lies in communication. Information needs to be presented in a way that the board understands; in business language without being overly technical, he advises.

‘Facilitators’ rather than ‘enforcers’

The study found that security professionals are also struggling to promote their value to other departments in the business. 90% believe that other departments could have a better understanding of what they’re trying to achieve, whilst an equally high majority (88%) feel that it could be easier to communicate their views to executive management in other functions such as HR and Finance.

Unfortunately, some employees view the CISO as making their job more difficult and preventing them from doing their work. “There’s a need for IT professionals to communicate their strategic importance and how they must reinvent themselves as ‘facilitators’ rather than ‘enforcers’ who enable the business to run smoothly,” Joseph explains.

Furthermore, Joseph thinks that each team in the organisation must get better at reporting risk so the CISO can effectively put the right measures in place to reduce the risk.

Win some, lose some

In an industry that’s plagued with horror stories, Joseph also suggests that security leaders should be talking more about their successes and the wins that they make in an effort to boost their image and receive more support and backing from the board.

He also considers communication skills training for CISOs to be a well-spent investment.

The full report can be read on the Thycotic website.

Copyright Lyonsdown Limited 2021

Top Articles

Making employees part of the solution to email security

Security Awareness Training needs to be more than a box-ticking exercise if it is to keep organisations secure from email threats

Windows Hello vulnerability: Bypassing biometric weakness without plastic surgery

Omer Tsarfati, Cyber Security Researcher at CyberArk Labs, describes a flaw that allows hackers to bypass Windows Hello’s facial recognition Biometric authentication is beginning to see rapid adoption across enterprises…

Legacy systems are holding back your digital transformation

Legacy systems pose a threat to organisational security. IT leaders need to be courageous and recognise the need to upgrade their technology

Related Articles

[s2Member-Login login_redirect=”” /]