Even CISOs with years of experience in the security industry sometimes struggle to be effective in the role and end up feeling stressed and anxious. They face common challenges such as:
- finding it difficult to engage with stakeholders
- having to stretch inadequate resources to deal with an ever-increasing attack surface
- being stuck in constant firefighting mode
- being unable to build or keep the right team
- feeling overwhelmed by the sheer amount of security-related information available to them
Burnout is common and, on average, CISOs move on to a new role — perhaps hoping things will be different this time — every 18 to 26 months.
Of course, many CISOs are aware they need to find ways to become more effective, so they can stop running themselves ragged and sacrificing their own well-being to one of the toughest jobs in the IT industry. Their efforts tend to focus on two areas.
Leadership and management skills
One area of focus for CISOs is to develop their leadership and management skills through a mix of courses, qualifications and hands-on experience. Moving up to the CISO role involves building on existing management skills and developing new ones in areas such as:
- communication, to allow the CISO to be part of the conversation about how the business will meet its goals — now and in the future — and to help stakeholders at every level make the right choices about security
- people management, to allow the CISO not only to develop their own high-performing security team but also to reach out into the business and to external partners to ensure all stakeholders are playing their part in securing the organisation’s operations
- change and project management, allowing them to successfully deliver a variety of initiatives — from implementing a single new security tool to transforming the security function by adopting a framework like MITRE ATT&CK to supporting digital transformation in the wider business
- vendor and supply chain management, to allow the CISO to not only select the best partners to work with initially but also drive maximum value from contracts over the long term, by creating strong relationships with vendors that allow them to become trusted members of the security team.
Wellbeing and mental fitness
The other area of focus for CISOs is to improve their personal wellbeing by adopting techniques to reduce and manage the stress they experience. Just as you can use exercise and diet to improve your physical fitness, you can use a range of techniques to improve your mental fitness. These include:
- using mindfulness meditation to become more aware of what’s happening in the moment and develop the ability to take a step back and respond more skilfully
- practising yoga, tai chi or other forms of exercise that have been shown to lower stress hormones, boost hormones that improve sleep quality and boost your mood, as well as improve physical health
- using regular breaks during the day to lower stress, help maintain performance and boost energy. Research has shown that regularly taking micro-breaks and spending even a few minutes away from work — chatting socially with a colleague or making a drink — is particularly important
- adopting time management skills that allow you to prioritise what’s really important, avoid the hit to productivity that comes from constant distractions, such as checking email every time you get an alert, and benefit from allocating blocks of time to “deep work”
- seeking out mentoring, coaching and peer-to-peer support to help you improve your confidence, strengthen your skills and figure out how to solve particular challenges
Positive Intelligence
Most development opportunities focus on either skills or wellbeing. To emulate the most successful and effective CISOs, you need to tackle both areas. If you don’t have the skills to engage with the business, to get good performances out of your team or to keep projects running smoothly, you’ll feel a lot of stress. But if you’re not managing your stress and general wellbeing properly, you’ll find it harder to have good interactions with others, be a good manager, or quickly identify and solve new issues.
One approach that tackles both sides of the equation is training to strengthen your Positive Intelligence. Your Positive Intelligence Quotient (PQ) measures your “mental fitness” or your ability to shift from negative thoughts to a positive attitude. Based on scientific research into neuroscience, cognitive psychology and performance science, Positive Intelligence training weakens the “Saboteurs” who generate all your “negativity” in the way you respond to challenges, while strengthening the “Sage” who helps you handle challenges in positive ways.
An analysis of more than two hundred different scientific studies, which collectively tested more than 275,000 people, concluded that people with higher PQ are more successful in the workplace and their personal lives. For example:
- workers with higher PQ take fewer sick days and are less likely to become burned out or quit, because higher PQ is linked to having a stronger immune system, lower levels of stress-related hormones, lower blood pressure and better sleep
- managers with higher PQ are more accurate and careful in making decisions, and need less effort to get their work done
- project teams with managers who have a higher PQ perform 31 percent better on average when other factors are held equal, with the team’s overall PQ being the most significant factor in predicting achievement
- negotiators with higher PQ are more likely to gain concessions, close deals, and forge important future business relationships as part of the contracts they negotiate
- CEOs with higher PQ are more likely to lead happy teams who report their work climate to be conducive to high performance
These results are why Positive Intelligence is at the heart of much of what we do here at Bright Cyber. One of the driving forces behind founding our company was to help CISOs become more effective and avoid burnout, and we know Positive Intelligence is a powerful way to achieve that goal. To do that, we’ve worked with Shirzad Chamine to bring his tried-and-tested techniques for increasing PQ, through his Positive Intelligence programme, into a course designed specifically for CISOs.
Delivered through a mobile app, Positive Intelligence for Security Leaders uses a combination of activities and exercises, inspiring and informative videos, and coaching and peer-to-peer support to increase the PQ of security leaders. This equips them to operate as more effective leaders and facilitators, and develop sustainable techniques to drive wellbeing, personal and team performance, and relationship improvements — in just 15 mins a day for 6 weeks.