BSW #298 – Jeff Pollard

The growth and evolution of the CISO role is as fast as it is not clearly outlined. Differences in core businesses, sizes, and culture of companies lead to a very fragmented situation when trying to understand where the CISO and its cybersecurity function sit in the organization.

The CISO responsibility matrix (CISORM) is quite young and the roadmap for the next coming months is ambitious: becoming the barometer for the CISO community around the topic of “what does it mean to be a CISO today.”

Business Information Security Officers (BISOs) have become increasingly popular over the last few years. But what they are, what they do, and how they relate to the CISO is not so obvious in organizations that do not have BISOs.

Chief Information Security Officers (CISOs) need to change their mindset that cybersecurity is a cost center, and instead view it as a profit center. As a cost center, cybersecurity is seen as overhead. Your budget is to be managed as part of the cost of doing business. Shifting to a profit center mentality, cybersecurity becomes a business driver – accountable both for spending and growth, or more specifically, savings through risk mitigation.

Here are three keys to solving the people problem in cybersecurity.

1. Understand the Business Value of Cybersecurity
2. Create a Culture of Cybersecurity
3. Allocate the Resources

Burnt out employees show that there are urgent problems to be addressed at the heart of any organization. But burnout is a management and organizational issue, not a physical or mental health issue, so promoting self-care won’t usually help employees recover. The chronic job stressors that cause burnout can emerge from several kinds of mismatches, which reflect a bad fit between the job and basic human needs such as competence, belonging, and psychological safety. Such mismatches can occur in six core areas, which apply to all people, regardless of their job: workload, control, reward, community, fairness, and values. Improving matches — helping people find fulfillment within an area of work life — can nudge employees away from burnout. It is a leader’s job to run a collaborative process with employees to address the persistent mismatches that employees experience at work. This article covers five critical steps leaders should follow to design better job matches for their employees.

Communication is an essential part of any team. Without proper communication, the team members can’t share their data and knowledge, can’t coordinate their efforts, and can’t even find their common goal, to begin with. So all the teams need communication to form, perform, and reach their goal properly.

However, with all the emphasis on communication and with all the tools and processes that make it possible, over-communication has become a serious problem for the performance of the teams. Teams can suffer from too much communication or the wrong communication tools and approaches. Over-communication can lead to information overload, giving the wrong information to the wrong people, and constant distraction for the team. It’s essential to strike a balance and use the right amount and form of communication to avoid these pitfalls.