author photo
By Heather Cyrus
Tue | Apr 7, 2020 | 5:15 AM PDT

Randy Raw began his career as a technology coordinator at a rural school before the internet was even a thing. 

Now, he is Vice President of Information Security for Veterans United Home loans, which writes more loans for veterans than any other company.

That is quite a transition.

Raw recently appeared on our series of SecureWorld Remote Sessions and shared his leadership insights, advice, and resources to move from the technical side of cybersecurity to a leadership side.

How do you move from technologist to CISO or vice president?

Randy Raw took us on his personal career journey, explaining how to move from an individual contributor to a leader, traits of successful C-suite leaders, ways to communicate effectively, and resources to access along the way. 

One of the first keys is your mindset.

"It's vitally important for leaders to know what it means to move the needle," Raw said. "You can ask yourself, ‘do you want to be a tactical leader? Do you want to be a strategic leader? Or do you want to do both?'"

Raw believes there are four fundamental principles for anyone looking to move from an individual contributor in cybersecurity to a leader:

1. Movement and personal growth
2. Developing management and leadership skill-sets
3. Committing to being a lifelong learner
4. Focusing on forward momentum

What are the common traits of successful CISOs?

According to a recent study, successful CISOs share similar traits, including strong leadership (particularly in strategic directions) and strong communication and management skills.

The need for technical skills came in at the very bottom of the trait list. Says Raw: 

"Oftentimes, especially as we're moving through our career, we've established technical skills, and technical skills have been the thing that have taken us to our success levels. As you begin to think about transitioning to a leadership level, technical skills may become the least important of all the things that you do."

How do CISOs become strategic leaders?

According to Raw, this transition begins with leading yourself and assessing your own strengths. Consider getting an evaluation of your top strengths using Clifton Strengths. Begin focusing on your strengths, because areas that may be shortcomings for you are great opportunities for other people from your team to fill.

"A person doesn't have to know everything to enter a new role. If you have exceeding curiosity before you get good, that is a better place to be than trying to be an expert in everything," Raw explained.

As you build a quality team that fills in the gaps, including your own gaps, you will increasingly be viewed as a strategic leader and the business will more likely turn to you as a trusted advisor.

Also, Raw suggests finding a mentor.

SecureWorld conferences are a great place to start, followed by LinkedIn, local associations, and various meetups. You may even be fortunate enough to find a mentor in your own boss or colleague.

What kind of communication skills do CISOs need?

Learning to speak the language of business is crucial. As a leader, risk will need to be presented in dollar signs rather than vulnerabilities, exploits, and attacks.

Finding fluidity in the way you talk to differing groups is also key.

Having the ability to speak different lingo when communicating to the board, C-suite, and your technical staff will give you a serious advantage and respect from the various teams.

"As we think about communicating with all of our staff, security awareness is probably the number one thing that goes forward. That's the topic that cuts across all employees," Raw said. "What are you doing to help us be secure? How are you helping to do your part in securing our enterprise, our individual part of the world that we live in?"

CISOs and cybersecurity leaders need emotional intelligence

You may have been drawn to the tech side of things and that's how you got into cybersecurity. However, Raw says that may involve only limited human interaction.

When you move into a leadership role, you will most certainly be managing people, and that requires emotional intelligence. He unpacked a few examples:

Emotional intelligence is the ability to:

  • Say "I don’t know" when you don’t have an answer
  • Ask questions of your team to see how they are thinking through a problem
  • Ask directive versus non-directive questions
  • Develop relationships within your team and every department
  • Develop relationships with people from other businesses and other industries

Raw provided the following tips for those of you beginning conversations with your boss.

For one thing, don't let your employer think of your role as part of a "cost center."

For another, ask your leader for advice. What can I be doing better? What does the company need from me? What am I doing that's not helping me be seen as a leader? What makes me the most valuable to the organization or team?

And lastly, Raw says you need to clearly communicate with your boss and explain that you are interested in becoming a leader and in moving into a leadership role.

Cybersecurity leadership web conference

Whether you are moving up the leadership ranks in InfoSec or are already a CISO, we highly suggest you take a few minutes to watch the SecureWorld Remote Sessions episode where Randy Raw does a deep dive on security leadership.

WATCH: Moving from InfoSec Technician to InfoSec Leadership

Thank you, Randy, for helping with SecureWorld's mission of connecting, informing, and developing leaders in cybersecurity.