In recent years, the CISO role has rapidly been propelled to prominence amongst the C-suite, underpinned by relentless cyber-incursions, intense regulatory security, and the undeniable correlation between cyber-resilience and long-term business and stock performance. Unfortunately, this rapid shift also continues to expose the soft underbelly of most cyber executives, whose technical competences are ill-suited to drive complex change, overcome deeply entrenched cultural inertia, and navigate powerful political establishments.
Study after study shows that success at the top requires CISOs to influence key power brokers, communicate with impact, and rapidly accelerate transformation. Based on my experiences as a virtual CISO and training cyber leaders from dozens of countries who go through the Cyber Leadership Institute, there are three powerful strategies CISOs can wield to effectively enlist the support of senior stakeholders and the board.
1. Like any other important life endeavor, effective stakeholder management requires extreme prioritization and focus. Simply put, not all stakeholders are created equal. CISOs can leverage the classic stakeholder management framework, which classifies stakeholders into four quadrants based on their organizational influence and vested interest in the cyber transformation agenda. CISOs must spend more time nurturing deeper relationships with the High-Influence / High-Interest group, such as the CEO, CIO, CRO, and the Board of Directors. These vital stakeholders can sustain, derail, or even kill the cyber-transformation agenda. Thus, it's crucial for CISOs to tightly manage these critical stakeholders and keep them highly engaged. The CISO must seek these key stakeholders' perspectives from the outset and build a cyber-resilience strategy tightly pinned to corporate goals. When key stakeholders feel engaged, they will go the extra mile and throw their full weight behind the cyber-transformation program.
2. One of the most potent leadership influencing tools is often hidden in plain sight: The universal principle of reciprocity. According to Robert Cialdini, a globally acclaimed psychologist in the field of influence, "People are obliged to give back to others the form of a behaviour, gift, or service that they have received first." CISOs can get important stakeholders on their side by simply giving more than they take. By actively supporting key stakeholders during key decision-making forums, volunteering direct reports to help deliver critical deadlines or simply buying small birthday gifts, those stakeholders are more likely to say “yes” when the CISO requires their support.
3. The CISO role is relatively straightforward: You commit to delivering a set of capabilities within a specified timeframe. You deliver your promises and then inform the Board and the executive team what you have accomplished. But CISOs must actively resist the temptation to rush into execution. Instead, they must acquaint themselves with the lay of the land, technical constraints, and other risks that can derail their mission. Attempting to boil the ocean is a common CISO miscalculation that comes back to bite at a breathtaking speed. When the CISO promises a Lamborghini and delivers a Toyota Corolla, their credibility goes flying through the window. Constantly apologizing for missed deadlines and miscalculations projects a tone of indecisiveness and weakness. Credibility is the currency of the CISO; once it flies through the window, it's tough to recover. Equally important, the CISO must resist the urge to sugar-coat risks because long term credibility depends on the CISOs courage to do what is right, not what is easy.
When done right, influence and persuasion are potent tools for CISOs to gain direct access to the Board, earn a set at the leadership table, and find deeper meaning in their roles. As Sharmila Devi wrote in the Financial Times, "Leadership is no longer synonymous with management. Leadership has to deal with how to influence and drive performance."
For a deeper exploration of this topic, tune into my on-demand webinar: Rising CISOs: How Cyber Leaders Can Effectively Influence Executives and Boards.
Phil Zongo, CEO and Cofounder the Cyber Leadership Institute
Phil Zongo is a multi-award winning cybersecurity executive, keynote speaker and bestselling author. Some of his career highlights include:
🔹 Author of The Five Anchors of Cyber Resilience, a best-selling strategy book that provides practical guidance to business executives.
🔹 Author of The Gift of Adversity, an intriguing memoir to be published in 2021.
🔹 2017 winner of ISACA International’s Best Book/Article Award, one of ISACA’s highest global honours, which recognises individuals for major contributions to publications in the field of cybersecurity and IT governance. 2016 winner of the ISACA Sydney’s first-ever Best Governance Professional of the Year Award.
🔹 2020 Global Top 100 Most Influential People of African Descent (MIPAD - New York) - 4th Industrial Revolution Category. MIPAD is a unique global list that identifies high achievers of African descent globally in support of the International Decade for People of African Descent (2015-2024), proclaimed by the UN General Assembly Resolution 68/237.
🔹 2019 Semifinalist - The Wharton Executive Entrepreneurship Acceleration Program Business Plan Competition, which features dozens of entrepreneurs globally.
🔹Nominee - Australian Information Security Association (AISA) - 2019 Cyber Security Professional & 2020 ISC2 Asia Pacific Senior Cyber Security Professional of the year awards
🔹 Winner of 2018 Zim International (Australia) Outstanding Achievement Award, African Australian NSW 2018 Outstanding Performance Award, 2019 Appreciate Africa Asia Outstanding in Business Award (Beijing, China), accolades that recognise achievements that far exceed the norm.
🔹 Delivered cutting edge insights to thousands of professionals and business executives across high profile conferences, diving deep into important global trends such as cyber resilience, digital transformation, cloud computing, artificial intelligence, etc.
🔹 My thought leadership has been distributed to more than 180 countries and has been featured in several newspapers and well-regarded magazines.