Historically viewed as a technical expert, the CISO must now also become a communicator.

In a constantly evolving work environment, the CISO—and more broadly, the cybersecurity team—is responsible for guiding employees through a vision of what cybersecurity is and should be within the company. While this process relies on sharing best practices and establishing common rules, it must be embodied by strong leadership from the CISO.

But how do you communicate effectively within your organization? How do you share your goals and priorities with employees and gain their buy-in? Here are some insights and advice from our expert.

The CISO can no longer work alone.

Faced with an increasing workload and stress, CISOs can no longer afford to work alone. According to a report by recruitment firm Heidrick & Struggles, 48% of CISOs surveyed report feeling at risk of burnout due to professional exhaustion.

The same trend shows in the 59% of them who report operating under intense stress levels.

With a cybersecurity labor shortage estimated at 4 million unfilled positions worldwide, this trend is unlikely to fade. According to Gartner, 50% of CISOs will leave their positions by 2025 due to high stress levels.

Given this observation, it is urgent to adopt a collaborative approach to share the responsibilities and daily mental load of managing cybersecurity within the company.

4 tips for better collaboration between teams

1. Adopt an open and collaborative attitude

As a CISO, you need to convince your colleagues of the validity of your decisions, rather than trying to impose directives. Otherwise, you risk stifling communication and creating resistance within the organization, which would be counterproductive.

Effective communication involves moving away from technical jargon and ensuring that explanations and goals are understandable to everyone. By adopting an open and receptive stance, rather than saying “this is how it is and nothing else,” you foster buy-in to your message.

It is not uncommon to see this scenario in the management of exemptions, as explained by Baptiste David, Head of Market Strategy at Tenacy:

In the case of exemption requests involving the installation of specific software, simply refusing without explanation may encourage the employee to ignore the prohibition. On the contrary, it is more effective to offer alternatives that meet the employee’s needs while adhering to security standards.


2. Explain your needs and objectives

To manage cybersecurity on a daily basis, the CISO needs to rely on precise and up-to-date data. To achieve this, it’s essential to communicate clearly why this data is necessary.

In other words, it involves transforming a technical request into a common objective, as Baptiste David points out: “If a CISO requests information on users who have attended cybersecurity training, they should clarify that this data helps assess risks, improve security measures, or achieve compliance with standards like ISO 27001.”

The goal is for the CISO’s approach to come across not as a constraint, but as a way for teams to collaborate toward common security objectives for the company.

3. Take an interest in the internal workings of departments

To effectively collaborate with all departments in the company, such as marketing, finance, or sales, the CISO needs to broaden their understanding of the organization. In other words, they cannot implement their vision if they work in isolation.

By integrating the internal workings of teams and sharing relevant information and indicators, the CISO can not only enhance the overall security of the company but also gain greater visibility into their role and mission.

By working with Human Resources, the CISO can, for example, share data such as the percentage of employees who have signed the IT charter or completed cybersecurity training.

4. Ensure that your IT security team is aligned with your vision

In addition to sharing your vision, internal alignment within the IT security team ensures the effectiveness and consistency of actions. Without this uniformity, gaps and technical or organizational incompatibilities may arise, jeopardizing team adherence to the implemented security strategies.

The CISO’s internal leadership involves clear communication and team facilitation, ensuring everyone has the appropriate level of information. This approach is not about seeking challenges or opinions but about standardizing practices so that everyone works together seamlessly.

This standardization is especially important when new team members join. Tools like Tenacy can be highly beneficial, as they help structure the integration process for newcomers. By training on our platform, new arrivals quickly align with the CISO’s vision and strategy. This creates a centralized and coherent database, avoiding the disorganization and communication gaps often found in less structured environments.

To remember

In the face of the constantly increasing workload and high stress levels, CISOs need to closely collaborate with the company’s departments and share their cybersecurity vision. Adopting appropriate communication and clarifying objectives help ensure alignment and buy-in from the teams.

The Tenacy solution positions itself as a key tool for facilitating this transition. By centralizing data and automating task tracking, Tenacy helps standardize practices within cybersecurity teams, ensuring smoother collaboration and a better understanding of security objectives.