Throughout history, many fascinating stories have been told about great leaders; Julius Caesar successfully turned Rome into a prosperous empire, and Napoleon Bonaparte famously commanded the French forces on the seas.
In 100 BC and 1800, respectively, it was easier to identify the leader of the pack. Sure, they were probably wearing a golden crown. Nowadays, the role of leadership has changed, and in the cyber security kingdom, everyone has a claim to the throne.
The Definition of Leadership is Changing
Cyber attacks are a ‘when’ not an ‘if,’ which cements the necessity and critical nature of cyber security jobs. Where some roles like administration and creative creak under the weight of AI advancement, high-quality cyber security professionals retain their value. Even the most advanced AI strategies (such as real time threat detection and response) are no match for the adaptability and moral code of a strong cyber security leader.
Fifteen years ago, would you have expected to see soft skills like ‘attention to detail,’ ‘creative problem solving,’ and ‘clear communication’ in a CISO job description? The traditional profile of a cyber security leader – siloed from senior management, a necessary evil always begging for budget – is a distant memory.
Fast forward to 2024, and cyber security leaders have a seat at the high table as trusted business insiders, valued advisors, and propelling forces for long-term change and strategy. Cyber security leaders must have a deep respect for what they don’t know and a deep passion for continuous improvement to keep up with the breakneck pace of the industry. A recent Gartner survey found that 77% of top-performing CISOs take the responsibility to initiate discussions on evolving norms to stay ahead of threats.
The Role of the Tag-along: A Valuable Supporter or Your Organization’s Weakest Link?
Security professionals wear various hats. A tag-along might not be the one leading the pack. Instead, they could be the person behind the scenes, running pen tests, monitoring network access permissions, and conducting audits to enhance the security posture. In this case, tag-alongs are not tagging along at all – in fact, these professionals are as valuable for your organization as the CISO.
Yet, cyber security isn’t a wholeheartedly technical discipline anymore, and it is inaccurate to assume that security is irrelevant to people with no coding skills or understanding of software. In theory, everyone in your organization should be a cyber security tag-along. Think of it this way: If everyone is pulling their weight, there are no tag-alongs.
A recent large-scale report from the UK Government found that 50% of businesses have a basic cyber security skills gap, leaving them at risk of social engineering attacks and data breaches caused by a lack of knowledge, awareness, and training. Two-thirds of cyber security leaders say they feel like quitting because they are set up for failure, and the cyber security skills gap makes their jobs too difficult.
Training sessions, such as phishing simulations and data privacy awareness, minimize easily avoidable human error, especially among ‘non-technical’ employees. It begs the question: What makes a worthy leader? Is it the person who can successfully lead cyber security teams or the one who can lead everyone by creating a culture of confidence, competence, and cyber security awareness?
A recent study by Gartner found that the best of the best lead by example: 69% of top-performing CISOs dedicate time for personal and professional development, demonstrating that cyber security training isn’t reserved for the ‘weakest links.’
Who Will Call the Shots Five Years From Now?
According to Gartner, a great cyber security leader has very little to do with technical ability. The CISO Effectiveness Diagnostic defines four skill categories for great leaders: Executive Influencer, Future-risk Manager, Workforce Architect, and Stress Navigator.
No amount of technical education will prepare you for a real-life attack scenario. When crisis mode hits, only the most clear-headed people will steer your business’s ship to safety. While cyber security professionals will spring into action, we will always need a cyber security leader to act as the crisis mitigation expert who communicates with boards and senior management.
The elephant in the room is that there may not be enough people to hold down the fort at all. Cyber security skills gaps and talent shortages impact 71% of organizations, and 54% believe it is getting worse.
No one said cyber security is easy. 77% of CISOs say that their job affects their physical health – a damning sign that the role cannot be sustained in its current state. As we look to the future, let’s eliminate the idea that cyber security is a top-down requirement and spread the responsibility among everyone. The CISO might call the shots, but they shouldn’t harbor all the stress.