CISO Edge – Insights from the Edge: How to Manage Stakeholders and Lead Sustained Change? – Highlights
WHAT YOU NEED TO KNOW
- Depending on how the organisation handles it, cybersecurity can either be a roadblock or an enabler.
- CISOs need to understand the stakeholders’ needs, goals and fears and use these insights to build relationships and communicate their messages across in a way that gets their objectives achieved.
- IT security roles are stressful, as CISOs are always trying to achieve more with less. To avoid burnout security professionals need to create a healthy work-life balance by learning how to prioritise and being comfortable with sharing the load with their team.
- Future learning capability is one of the essential leadership skills. To improve decision-making, a leader needs to know when it is best to switch from transmitting and directing mode to listening mode.
Experienced cybersecurity professionals and change leaders Anne Garlick, Sheridan Ware, Julia Steel, Robert Carey, and Jinan Budge gathered on stage by to discuss best practices in leading sustained change in organisations in terms of cybersecurity.
The panellists agreed that the lack of visibility of cybersecurity is no longer a challenge, as there have been so many breaches and hacks that it’s hard to find somebody who’s not aware.
However, as Forrester Research principal analyst and the panel’s moderator Jinan Budge noted – awareness is not always coupled with understanding.
C-level executives Anne Garlick (Westpac) and Sheridan Ware (Charter Hall) suggested that politics plays an important role when CISOs are trying to get their message across and achieve a certain goal.
Politics is all about building networks by understanding what drives and scares people and using these insights to build a consensus in an organisation.”
Change and stakeholder buy-in expert Julia Steel, did not agree.
According to Steel, trying to manage stakeholders feels like control, and that inevitably leads to power plays. She said that healthy conversations could only happen when CISOs find a way to work with stakeholders without exercising control.
VP & GM of Global Public Sector Solutions at RSA Robert Carey agreed that coalitions are effective only when not forced.
Carey said that sometimes authority is given to power-thirsty individuals that force change, and usually, when this person leaves, all change gets undone.
To achieve great results, security leaders need to create psychological safety in the workplace and empower their team to set their own boundaries and freely engage and give ideas.
“You are only as good as the people in your organisation,” Steele said.
Ware said that one of the most important leadership qualities a CISO can have is the ability to get people excited about organisational change by showing the value of their vision.
Carey said that leaders need to be aware that they are role models for other employees, so they need to display the behaviours that they want their employees to exhibit.
Ware said that leaders need to be accountable for their failures and learn from the things that didn’t go as expected.
You don’t have to be perfect, but you have to learn how to learn perfectly”