Historically perceived as technical experts, CISOs now need to evolve into communicators.

In a constantly evolving working environment, the CISO, and more generally the ISS team, is responsible for guiding employees through a vision of what cybersecurity is and should be within the company. While this mechanism is based on the sharing of best practices and the establishment of common rules, it must be embodied by assertive leadership on the part of the CISO.

So how do you communicate intelligibly with your organization? How can you share your challenges and prerogatives with your employees, and get them on board? Here are some answers and advice from our expert.

CISOs can no longer work alone

Faced with ever-increasing workloads and stress, CISOs can no longer afford to work alone. According to a report by recruitment firm Heidrick & Struggles, 48% of CISOs surveyed said they felt at risk of burn-out. This trend is confirmed by the fact that 59% of them say they work under intense stress.

With an estimated 4 million vacancies in the cybersecurity sector worldwide, this trend is unlikely to abate. According to Gartner, 50% of CISOs will leave their posts by 2025 due to high stress levels.

Given this situation, there is an urgent need to adopt a collaborative approach that shares the responsibilities and day-to-day mental burden of managing cybersecurity within the company.

4 tips for better team collaboration

1. Adopt an open and collaborative posture

As a CISO, you need to convince your staff of the soundness of your decisions, rather than trying to impose directives. Otherwise, you run the risk of blocking communication and creating resistance within the organization - which would be counter-productive, to say the least.

Effective communication means moving away from technical jargon and ensuring that explanations and objectives are understandable to all. By adopting an open, listening posture, rather than saying "that's the way it is and no other way", you encourage buy-in.

This is not uncommon in the management of exemptions, as Baptiste David, Head of Market Strategy at Tenacy, explains: "In the case of an exemption request involving the installation of specific software, responding with a simple refusal without explanation may encourage the employee to ignore the ban. On the contrary, it's more effective to propose alternatives that meet the employee's needs while complying with security standards."

2. Explain your needs and objectives

To manage cybersecurity on a day-to-day basis, CISOs need accurate, up-to-date data. To get it, they need to communicate clearly why they need this data.

To put it another way, it's a question of transforming a technical request into a common objective, as Baptiste David reminds us: "If a CISO asks for information on users who have taken part in cybersecurity training, he should specify that this data contributes to assessing risks, improving security measures, or achieving compliance with standards such as ISO 27001."

The aim is to ensure that the CISO's approach is not seen as a constraint, and that teams work together to achieve the company's common security objectives.

3. Take an interest in the inner workings of your departments

To be able to collaborate with all the company's departments, such as marketing, finance or sales, the CISO needs to extend his or her understanding of the organization. In other words, they can't apply their vision if they work in silos.

By understanding the internal workings of the teams and sharing relevant information and indicators, the CISO can not only improve the company's overall security, but also gain greater visibility for their role and mission.

By working with Human Resources, for example, the CISO can share data such as the percentage of employees who have signed the IT charter or attended cybersecurity training courses.

4. Make sure your ISS team is aligned with your vision

In addition to sharing your vision, internal alignment within the ISS team helps to guarantee the effectiveness and consistency of actions. Without this uniformity, gaps and technical and organizational incompatibilities can arise, compromising team commitment to the security strategies in place.

Internal CISO leadership involves clear communication and team leadership, to ensure that everyone has the right level of information. This approach is not intended to solicit challenges or opinions, but to standardize practices so that everyone works together.

This standardization is all the more important when new employees arrive. This is why tools like Tenacy can provide structure and facilitate the integration of team members. By training on our platform, newcomers are quickly aligned with the CISO's vision and strategy. This creates a centralized and coherent database, avoiding the mess and communication gaps often encountered in less structured environments.

Key takeaways

Faced with ever-increasing workloads and high stress levels, CISOs need to work closely with corporate departments and share their vision of cybersecurity. Appropriate communication and clarification of objectives help to ensure alignment and buy-in.

The Tenacy solution is positioned as a key tool for facilitating this transition. By centralizing data and automating task tracking, Tenacy helps standardize practices within cybersecurity teams, ensuring smoother collaboration and better understanding of security objectives.

To find out how Tenacy can transform your cybersecurity management and strengthen collaboration within your team, request a demo of our solution today.