CISO Skills in a Changing Security Market: Are You Prepared?

CISO Skills in a Changing Security Market: Are You Prepared?

What types of skills do CISOs need now? As senior vice president and chief information security officer (CISO) of one of the world’s most trusted cybersecurity software and services companies, it’s literally my job to know.

My responsibilities include protecting and enabling business development at a global organization that wears a big target on its back. We are also “customer zero” at a company that believes deeply in the need to “drink its own champagne.” That means we base our cyber defenses on our own internally developed products to the greatest extent possible.

In addition, we’re a managed security service provider (MSSP) through our CylanceGUARD managed detection and response (MDR) subscription service, and many of our channel partners are also MSSPs, all using BlackBerry Cylance artificial intelligence (AI)-based products to protect external organizations.

The ultimate decision-maker for purchasing and deploying our portfolio of cyber products is often the CISO of an organization. For all these reasons and more, I spend a fair amount of time talking to fellow CISOs and comparing notes on what keeps us up at night and what success looks like for a modern CISO.

Over two decades of cybersecurity and technology experience across a wide range of industries and organizations have helped me grow as a leader and afforded me many opportunities to “give back” by sharing hard-won knowledge with other cybersecurity professionals. I have watched the CISO role evolve from a strictly technical position to one that increasingly requires business ability and acumen.

Today’s CISOs must be able to effectively evaluate both risk and opportunity. They must be able to formulate and execute strategies to strike a healthy balance between these two competing factors and communicate those solutions to senior leadership.

What Future CISOs Need to Know

If you are already a CISO, you are well aware of the way this role has pivoted. But what if you are a cybersecurity professional aspiring to reach a CISO role? What kind of mindset and skills should you cultivate? Here are a few to consider.

Final Advice for All Information Security Professionals

As you build and mature your program using multi-layered defenses, always bear in mind that cyber risk can only be managed, never eliminated. For today’s CISOs and those of the future, cyber-risk is another type of business risk every organization will continually face.

In an interview earlier this year, I shared what I think are the top cyber-risk challenges facing CISOs.

I hope these perspectives will help you on your CISO journey, no matter which stage of your career you are in.

About the Author

Arvind Raman is a Senior Vice President and BlackBerry’s Chief Information Security Officer. In this role, he leads all aspects of the company’s information security, product security, and GRC program globally, focusing on effective management of cybersecurity risks, policies, and procedures.

Arvind brings over 20 years of information security, technology, R&D experience, and leadership to BlackBerry. Arvind’s previous experience includes serving as the Global CISO at Mitel, Global Head Information Security for Scotia Bank, and Director of Cyber & Data Security for CIBC.