CISO Insider – April 2023

CISO Insider Newsletter

April 2023 Edition

Welcome!

Welcome to the first edition of our newsletter, where we promise to provide you with the latest cybersecurity news, tips & tricks.

As security experts, we know that you’re always one step ahead of the hackers, but that doesn’t mean you can’t take a break to catch up on the latest industry developments. So sit back, relax, and let us be your trusted source of cybersecurity insights. After all, who needs coffee when you have a newsletter that’s as fresh and invigorating as a double espresso?

In this edition

Guest article
Mastering Soft Skills: The Key to Effective CISO Leadership, written by Karine Goris, CSO Belfius

Curated content
Hit the Road and Implement Your Cybersecurity Roadmap, by Tony Sager

Curated content
Security Guidance for Critical Areas of Focus in Cloud Computing

Toreon blog
Navigating the First 3 Months: 5 Steps to a Successful Career as a New CISO, by Toreonite Eric De Smedt

Career watch
Become our new CISO!

Guest Article

Mastering Soft Skills: The Key to Effective CISO Leadership

As a security officer, I would like to highlight 4 essential capabilities for a successful career in information security. Before discussing these capabilities, let’s take a moment to reflect on the importance of an information security office/department within today’s companies.

The main objective of each company is to achieve its business goals, which are set by the board and executed by the different departments based on their expertise.

Similarly, the information security department analyses how it can support the realization of the business goals and becomes a fully-fledged contributor to the organization’s objectives. Information security officers need to translate their mission of keeping the company safe into ambitions and expectations that the board may have for this department.

The ongoing digital transformation has embedded information security in multiple business processes, supported by multiple technologies, people, colleagues, and customers. As technologies and processes change, and with them the information threats and risks, the technology landscape is changing fast (work@home, cloud, …). We live in a “VUCA” world (volatility, uncertainty, complexity, and ambiguity) and we need to create a “VACINE” (velocity, agility, creativity, innovation, experiment) to face today’s challenges. The most important ingredient of this “VACINE”, in the space of information security, is security officers with adequate hard and soft skills.

Be a specialist in your domain.

Level up your hard skills to bring added value to your professional environment. You must learn continuously and be curious about your domain of information security, which is very broad. Different skillsets will be needed, from audit and process expertise within security management to technical skills within security engineering and psychological skills within human security.

The diversity of required skills makes it possible for people from all types of backgrounds and education to find their passion within information security. Choose your field of interest and grow into it; don’t be afraid to adapt today’s techniques to the continuously changing environment. The actions that we take today will not be adequate for the future as the digital landscape and threats/risks will continue to change.

Security officers have the option to specialize in a specific field or become a generalist who can bridge the gap between different areas of expertise. Safeguarding a company from cyber threats requires not only technical knowledge but also process and interpersonal skills. Instead of solely relying on technical controls, a comprehensive approach that combines effective antivirus protection, incident management processes, and human security skills is more valuable.

This necessitates collaboration among specialists from different fields, with generalists leading and facilitating these activities. By bringing together the best specialists of each field, generalists help create a global approach to security that maximizes protection and efficiency. By working as a well-coordinated interdisciplinary team of trained security professionals, the mission of ensuring the safety of the company can be accomplished with greater ease, satisfaction, and thoroughness.

Be organized.

Managing information security is driven by two parameters: the information security maturity of the company and the information security risk the company is facing or willing to face, i.e. its “risk appetite”.

Maturity drives your activities and risk prioritizes these activities. These parameters are structured within an information security process that operates your existing defence-in-depth model, what is known as “business as usual” (BAU). To put this information security process into place, frameworks like ITIL, ISO, COBIT and NIS(T) can be used. Security officers can use project management skills to manage new initiatives, combined within a security roadmap (SRM). It doesn’t require a PRINCE2 certification, but simply the use of a framework for organising your projects in a structured way.

Finally, reporting on BAU and SRM activities is crucial at three levels: operational, tactical, and strategic. The higher you move through these levels of reporting, the less technical language is spoken and the more storytelling becomes the adequate way of communicating, which brings us to the third capability of a successful security officer:

Be a good communicator.

Communication is crucial to ensure that everyone in the organization understands the importance of information security. The security officer must speak the language of the different stakeholders, from technical staff to management, and translate information security in a way that is relevant to them.

It is of the utmost importance that you speak your colleagues’ language and that they understand what you’re talking about, so that they can bring their own activities and objectives in line with the desired level of information security.

Be concise/to the point (elevator pitch): the objective of the message must be that colleagues will understand the investments and the implementations required to protect the company, as well as the reason for a change in their habits, if necessary.

Be yourself.

This is crucial for security professionals and can be divided into two key points:

1. Understand your strengths and weaknesses, and what energizes you. The role of a security professional is demanding and requires flexibility. It’s essential to approach this job as an opportunity to learn and evolve, rather than a duty. To assess if the job is right for you, use the 20%-80% rule; if 80% of the tasks energize you, you’re a good fit. Continuous learning is vital in a constantly changing digital world.

2. Believe in yourself and set realistic goals, focusing on what you want to achieve, not what others expect of you. Communicate your objectives to manage expectations and receive appropriate feedback. Authenticity should guide your goal-setting. Learn from your mistakes, celebrate your successes, and adapt your goals accordingly.

As the Chief Security Officer, it’s your responsibility to make things happen by working with specialists and generalists. However, for them to deliver quality work, they must fully understand the mission and ambitions of the department. To ensure this, the mission and ambitions should be established, effectively communicated, and widely known throughout the company, with regular reminders being beneficial.

After having set the mission and ambitions for the department, the next step is to turn them into objectives for the specialists/generalists to work on. This process challenges them and creates ownership in realizing the mission. As a chief security officer, it is important to provide a safe and collaborative space for specialists/generalists to experiment, try, invent, evolve, and communicate openly about their failures and successes. As the coach, you must provide the appropriate support and direction based on situational leadership. Creating psychological safety and empowerment within the team will lead to a culture of engagement, continuous learning, and motivation to improve information security. Finally, lead by example by applying these capabilities to become a successful security officer.

Curated content

Handpicked for you

Toreon insights: Navigating the First 3 Months: 5 Steps to a Successful Career as a New CISO

It’s important when starting as a CISO in a new company to hit the ground running. For that reason, Toreonite Eric De Smedt has created a list of 5 steps to help guide you along the way during the first 3 months of your career as a new CISO.

Security Guidance for Critical Areas of Focus in Cloud Computing

The Cloud Security Alliance (CSA) has released the latest version of its Security Guidance for Critical Areas of Focus in Cloud Computing. This document aims to offer advice and motivation to help businesses achieve their objectives while effectively handling and reducing the potential hazards related to the implementation of cloud computing technology.

Hit the Road & Implement Your Cybersecurity Roadmap

You’re ready to implement your cybersecurity roadmap, but where do you even start? In this article, Tony Sager goes into detail and explains how you can raise your cybersecurity maturity.

Career watch

Become a CISO at Toreon!

Are you looking for an opportunity to expand your knowledge as a Chief Information Security Officer and work on exciting security projects? Then look no further!

Join our dedicated GRC and privacy team of 15 Toreonites, and work with us to raise and maintain an organization’s security maturity to a higher level.

From rolling out security improvement roadmaps in order to achieve governance goals, to implementing and managing an information security management system, no two days are alike for a Toreon CISO!

Ready to join us in our mission to make the world a safer place, expand your knowledge, and be part of exciting security projects? Then make sure to apply!

Upcoming trainings & events

Book a seat in our upcoming trainings

All in-person events, hosted by the Data Protection Institute

CISO M1 – Security Governance and Compliance

Next training date: 20-21 September 2023

CISO M2 – Security Architecture

Next training date: 24-25 April 2023

CISO M3 – Secure System Acquisition and Development

Next training date: 12-13 June 2023

CISO M4 – Security Operations

Next training date: 26-27 June 2023

CISO M5 – Threat & Vulnerability Management

Next training date: 24-25 October 2023

CISO M6 – Leadership

Next training date: 8-9 May 2023

CISO Full Certification Track Module 1-7