Articles
>
SSI Team: Collaboration and Leadership

SSI Team: Collaboration and Leadership

Historically perceived as a technical expert, the CISO must now evolve into a communicator.

In a constantly changing work environment, the CISO—and more generally the IT security team—is responsible for guiding employees through a vision of what cybersecurity is and should be within the company. While this mechanism is based on sharing best practices and establishing common rules, it must be embodied by strong leadership on the part of the CISO.

But how can you communicate clearly within your organization? How can you share your challenges and priorities with your employees and get them on board? Our expert provides some answers and advice.

March 14, 2024
Table of Contents
Discover how Tenacy structures your cybersecurity
Schedule a demo

The CISO can no longer work alone

Faced with ever-increasing workloads and stress, CISOs can no longer afford to work alone. According to a report by recruitment firm Heidrick & Struggles, 48% of CISOs surveyed say they feel at risk of burnout due to professional exhaustion. This trend is confirmed by the fact that 59% of them report working under intense stress.

With a labor shortage in the cybersecurity sector estimated at 4 million vacancies worldwide, this trend is unlikely to fade. According to Gartner, 50% of CISOs will leave their jobs by 2025 due to high stress levels.

Given this situation, it is urgent to adopt a collaborative approach with the aim of sharing responsibilities and the daily mental burden of managing cybersecurity within the company.

4 tips for better collaboration between teams

1. Adopt an open and collaborative attitude

As a CISO, you need to convince your employees of the validity of your decisions, rather than trying to impose guidelines. Otherwise, you risk blocking communication and creating resistance within the organization—which would be counterproductive, to say the least.

Effective communication means steering clear of technical jargon and ensuring that explanations and objectives are understandable to everyone. By adopting an open and attentive attitude, rather than saying " this is how it is and that's that , " you encourage people to buy into your message.

This scenario is not uncommon in the management of exemptions, as Baptiste David, Head of Market Strategy at Tenacy, explains: " In the event of a request for an exemption that would involve the installation of specific software, simply refusing without explanation may encourage the employee to ignore the prohibition. On the contrary, it is more effective to offer alternatives that meet the employee's needs while complying with security standards."

2. Explain your needs and goals

To manage cybersecurity on a daily basis, the CISO needs to rely on accurate and up-to-date data. And to achieve this, they must clearly communicate why this data is necessary.

In other words, it is a matter of transforming a technical request into a common goal, as Baptiste David points out: " If a CISO requests information about users who have participated in cybersecurity training, they should specify that this data will be used to assess risks, improve security measures, or achieve compliance with standards such as ISO 27001. "

The goal is for the CISO's approach not to be seen as a constraint, but rather for teams to work together to achieve security objectives that are common to the entire company.

3. Take an interest in how departments work internally

In order to collaborate with all departments within the company, such as marketing, finance, and sales, the CISO must broaden their understanding of the organization. In other words, they cannot implement their vision if they work in isolation.

By integrating the internal workings of teams while sharing relevant information and indicators, the latter can not only improve the overall security of the company but also gain visibility into its role and mission.

By working with Human Resources, the CISO can, for example, share data such as the percentage of employees who have signed the IT charter or completed cybersecurity training.

4. Ensure that your SSI team is aligned with your vision

In addition to sharing your vision,internal alignment within the ISS team ensures that actions are effective and consistent. Without this uniformity, gaps and technical and organizational incompatibilities can arise, compromising the teams' adherence to the security strategies put in place.

Internal leadership by the CISO involves clear communication and team leadership, ensuring that everyone has the appropriate level of information. This approach is not intended to solicit challenges or opinions, but to standardize practices so that everyone works together.

This standardization is even more important when new employees join the company. That's why using tools like Tenacy can be so helpful, making it easier to integrate new members into the team. By training on our platform, newcomers quickly align themselves with the CISO's vision and strategy. This creates a centralized and consistent database, avoiding the confusion and communication gaps often encountered in less structured environments.

Key points to remember

Request a demo
Other articles

You may be interested in

6 acronyms for cyber compliance
Life as a CISO
ISO 27001, NIS, LPM, NIST CSF, PCI-DSS, NC: compliance in 6 acronyms

The cybersecurity industry, and particularly the field of incident response, is an environment where all kinds of acronyms flourish. It's so easy to get lost. Standards, directives, laws, processes... Let's take a look at the definitions of six acronyms commonly used in compliance that no one should be unaware of.

November 15, 2022
SSI dashboards: should we abandon them? - Tenacy
Life as a CISO
SSI dashboards: should we abandon them?

From design to formatting, not to mention the thorny issue of data collection, SSI dashboards make life difficult for CISOs. A complex environment, difficulties in engaging contributors, unsuitable tools... there are many reasons for the time wasted and frustration generated, to the point that some CISOs are almost tempted to give up. They therefore sometimes turn to predefined, technical dashboards provided by the multitude of technological solutions available on corporate networks.

What if the solution was to continue creating dashboards, but in a different way?

November 3, 2020
The challenges of cyber awareness
Life as a CISO
Cyber awareness: how to rise to the challenge?

While the ANSSI hygiene guide recommends raising user awareness of basic IT security best practices, the reality is enough to make CISOs tremble. According to the CESIN cybersecurity barometer established in January 2020, employees remain difficult to mobilize. 45% of companies believe that their employees do not follow the recommendations! So what solutions are available to CISOs to raise awareness and engage teams?

October 27, 2020