Cyber Insiders-v8-web - Flipbook - Page 6
“The role ofEqual
O pportunities O fficerw as
nothing to do w ith the
day job,butitprovided
an invaluable learning
experience;everyone
should try stuff,take risks
and getoutthere to do
differentthings.”
Jonathan Lloyd White,
N atura & C o
Life as a CISO
O n his life as a C ISO ,Jonathan says one ofthe best
parts abouthis job is thathe’s involved in every part
ofthe business,“there’s no bitofthe business that
security doesn’ttouch,so you getto learn about
every aspectofthe organisation...in term s ofm y
day,Itry to use a w ork m odelby John Adair(one
ofthe w orld’s leading authorities on leadership
developm ent)to structure m y tim e.The m odelis
aboutbalancing yourtim e and energy betw een
focus on the individual,focus on the team ,and
focus on the task”.
6
|
Page
A m ajorpartofa C ISO s role he explains is people
m anagem ent,“Ispend a huge am ountoftim e oneto-one w ith m y directreports...it’s aboutleadership,
m otivation,aboutperform ance,aboutdevelopm ent
and training,fostering relationships and guiding
team dynam ics.Ifocus on the things thathelp m e
supportthe individuals in m y team s to deliver.So,I
spend a lotoftim e and effortm aking sure w e pull
togetheras a team ,as one unit.” Finance,budgeting,
projectm anagem ent,dealing w ith suppliers,driving
value and service im provem entand com m unicating
w ith the board are otherkey aspects ofthe role,
w hich require a broad skillsetthatgoes beyond the
purely technicalelem entofthe job.
“Ispend a lotoftim e in agile stand-ups,project
planning events,in squad m eetings,review ing
docum entand planning to m ake sure thatthe m oney
Ispentso m uch tim e acquiring is really directed to
bestvalue...Ialso spend a fairbitoftim e thinking
abouthow to describe w hatitis w e do in an easily
understandable w ay forthe board and stakeholders.
“O ften,stakeholders and the board can view
cybersecurity as a begrudging investm ent/expense.
In m y discussions Iam alw ays trying to com e up w ith
a w ay ofdescribing the value thatinvestm entadds.
O ne w ay w e do this is using a m aturity m odelto show
how w e’re stepping up through m aturity and risk
m anagem ent.So,talking aboutthe cyberrisks w e’re
facing as a business and then breaking itdow n into
20 sub cyberrisks and show ing how w e’re addressing
those risks through investm ent.H ow ever,typically
Ifind thatattitudes tow ards security investm ent
change in the w ake ofa serious cyberincident.After
thatpeople view cybersecurity investm entas an
insurance policy”.
C YBER IN SID ERS M AG AZIN E - Vol.2
