In a labor market where 600,000 cybersecurity jobs are left unfilled, security leaders are being promoted and recruited at a breakneck pace. Some new entrants may feel like they’ve been dropped upstream without a paddle, while others may make their way down the river only to realize they’ve hit a waterfall of new issues.
A newly minted CISO will quickly learn if they’re in over their heads, whether facing a lack of practical cybersecurity experience or a mismatch between security initiatives and business objectives. If an organization hasn’t historically prioritized security, a new CISO is sure to experience some level of friction and uncertainty. But doubt doesn’t have to become despair.
Here are three lifelines that can help:
Conquering this new role – and working past the common CISO imposter syndrome doubts – starts with an active form of self-awareness. There are plenty of avenues for improvement once you can describe your gaps and get motivated to take action. Take time to inventory your knowledge base and note growth opportunities and specializations related to your business. Prioritize any shortfalls in your cybersecurity skillset that need to be illuminated. Double down on reading, research, and training to build new security and leadership muscle, comparing your capabilities to the baseline of what your new role entails. Based on your skills gap, build a plan of action to address any weaknesses over a reasonable period of time. Don’t try to do everything at once, and don’t pressure yourself to master everything. Our blog post, The First 101 Days as a New CISO – A Chief Information Security Officer’s Playbook, offers timely and strategic advice for achieving early success. Make yourself an expert and an asset, not only in your organization’s security operation, but also in its business goals.
Actively improving, and always seeking ways to be better, will quickly relieve you of self-doubt as you see your progress and the path forward.
Phone a Friend
One of the best ways to build your industry knowledge and find answers to new questions is to leverage and grow your network. Without connection to external voices, leading a cybersecurity program can be a lonely experience. Increasingly collaborative security practices are driving interest in partnership and communication in areas from threat intelligence to security awareness best practices. There’s no better time to raise your hand and ask for help, because today, there’s no shortage of people willing to give it.
Leverage your network and reach out to security peers to address issues new to you, while applying their stories and lessons learned to develop expertise and build well-informed strategies. The cybersecurity industry changes at a rapid pace. Collaboration is essential for sustainable success and to quell those feelings of inadequacy.
Ask the Organization
Lastly, reach out to your coworkers. Don’t be intimidated to put your hand up and say, “Hey, I'm getting stuck on this. If you were in my position, how would you address it?” Good people are wired to help people that ask.
Asking for support early can also prevent a new CISO from making easily avoidable mistakes. Don’t self-isolate, even if you’re a team of one. Tenured colleagues can be hidden gems of knowledge you can use to your advantage. Don’t forget to tackle the basics to build rapport early:
Get to know your colleagues. Use this time to build political capital by listening to your colleagues, practicing empathy, and learning their goals and objectives so you can help them be successful.
Hold a department meeting. Give everyone a chance to talk and ask questions. Listen carefully. Reaffirm that everyone is on the same team and shares a common goal.
Schedule one-on-one meetings with your team. Learn from those who see issues and deal with problems. Establish your approachability by actively soliciting feedback.
Be visible. Select a few projects to participate in. Ask questions and build consensus to gain credibility among your staff.
As you find your footing, practice patience and grace. No CISO knows everything on the first day of their new role.
Plan for Success
Better security through collaboration was a key theme in the 2022 SLED CPR and webinar. Created to advise and empower security leaders, this free research bundle provides data-driven insights from senior leaders, analysts, and experts, identifying trends and successes that are defining a new generation of cybersecurity visionaries. It’s meant to inspire, support, justify, and inform efforts by CISOs at every level. Click here to check it out!
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.