I’ve had the good fortune to collaborate and work with many truly great CISO’s. Here are some observations of the personal habits that make them great and the attributes that anyone in Cybersecurity can emulate.

  1. They make time. No one in IT security has enough time. Ever. Not enough time in the day? Work at night or get the team together on a weekend. Sure, the team needs time off when the pressure if off and great CISO’s know how to prioritize.
  2. They make today count. CISO’s are always under fire and they know things are almost certain to get screwed up at some point. They don’t wallow in yesterday’s mistakes and get distracted by regrets. They invest their time wisely and achieve small successes every day.
  3. They know what you want. Great CISO’s define their goals organizationally and for themselves.
  4. They plan. They are always planning their next move, optimizing their daily schedule, and ensuring they address priorities first.
  5. They seek to improve. Great CISO’s recognize that perfection can be a trap. They don’t aim for perfection but rather constant improvement.
  6. They define success. Knowing what the success criteria you are being measured against is imperative. Define success according to your principles and those of the business.
  7. They listen. Being a good leader means listening more than speaking. Listen to what is said and what is not said.
  8. They are curious. Great CISO’s know what they don’t know and make an effort to learn more. They are really good at asking really good questions.
  9. They are team players. CISO’s know they can’t reach their goals on their own. They attract talented team players and collaborate with others. They know how to share the spotlight.
  10. They understand all the angles. Great CISO’s see things from multiple perspectives. They know how attackers think and operate. Many of them channel Sun Tzu’s “The Art of War” mantra: “If you do not know your enemies nor yourself, you will be imperiled in every battle; if you do not know your enemies but do know yourself, you will win one and lose one; but if you know your enemies and know yourself, you will not be imperiled in a hundred battles.”

Trevor Horwitz

TrustNet, CISO