Having helped build out many SecureWorld conferences, I have come to realize—likely to no one's surprise—that the best cybersecurity leaders indeed have some technical prowess, but it is their soft skills that make them exceptional leaders.
The CISOs, BISOs, VPs of security architecture, CSOs, directors of information security, directors of governance, risk and compliance, deputy CISOs, chief risk officers, and others who provide thought leadership on SecureWorld agendas all have a few things in common: great communication skills, artful delegation abilities, business acumen, and a genuine care for the importance of what they do to keep people and systems safe.
Michael Gregg, the CISO for the State of North Dakota, speaks across the country, including keynoting at SecureWorld Detroit on Sep. 19 and at SecureWorld Dallas on Oct. 26. It's easy to see why he is successful. He is thoughtful, calm, and expects the best from his people while supplying the resources needed to get the job done with more efficiency and effectiveness than it was previously done.
His common sense approach to cybersecurity has made North Dakota a leader among state and local governments with unique challenges as public entities. He has created partnerships among fellow government peers—from cities to counties to federal to schools—with the private sector, and with vendors. It's no wonder after he speaks he has a line of folks waiting to learn more from him, or just to shake his hand and say thanks for his information sharing.
A recent blog by Frank Domizio titled "The CISO Role: Beyond Technology" explores exactly what I am talking about. As the author writes, "There's a softer side to it—one that revolves around people, relationships, and communication."
It's about trust, communication, collaboration, adapting in the face of change, embracing failure, and teaching the next generation of cybersecurity professionals.
Krista Arndt, CISO at United Musculoskeletal Partners, spoke about failure at SecureWorld Denver last month and will again give her inspirational keynote at SecureWorld Dallas on Oct. 26. She talks about a drag racing accident that could have taken her life and put perspective on life, family, and her role as a cybersecurity professional.
The only way forward is to learn from mistakes and failures (in her accident's case, a clip that was not put back in the breaking mechanism that sent her and her car hurling through the safety sand and net at the end of the drag strip). Those are opportunities to get better, not excuses to give up or avoid future failures.
Al Lindseth, Principal, CI5O Advisory Services LLC, will speak on effectively communicating to the board at SecureWorld Dallas on Oct. 26. That's a soft skill that even the most adept CISOs are still trying to master. But it is vital as they fight for cybersecurity budget, try to explain risk, and explain the importance of line items such as security awareness training, blue, red and purple team exercises, and more.
Here are some specific examples of why soft skills are important for CISOs: