Sometimes, you're going to have friction with HR departments.
They understand what you put on paper and how to check the boxes, but they don't understand cybersecurity and what it needs. You cannot leave it to HR departments - they are not tapped into the cybersecurity community, where your top talent is going to come from. Get out there in the community, and build relationships. Lambros: Your network is the number one place you're going to find new talent. How can CISOs effectively build their teams amid the ongoing cybersecurity skills shortage? Negotiation is about being a collaborative partner to pursue mutual benefit and having the persistence to do some things that are uncomfortable to get to the optimal outcome for the business. I don't think the traditional, me-versus-them paradigm is the appropriate way to think about negotiation, and hopefully, that's what comes across in The CISO Evolution. And so, instead of trying to influence this person - resulting in a lose-win or a win-lose negotiation - it turns out to be a much more collaborative engagement. He argues that empathy and intellectual curiosity give you an ability to sit on the same side of the table as the person you're negotiating with to solve a mutual problem.
I really appreciate the way Chris Voss approaches negotiation. The negotiation itself is just the final component. You have to make sure you've established meaningful relationships, built a stakeholder map and created a strategy to maximize your influence. We want to send you into the room equipped with all of the appropriate tools and strategies you need to have a successful dialogue. Ultimately, influence is the name of the game. If you think you're going to be a CISO and not introduce change, then you're in the wrong business. That can mean negotiating prices with your vendors, negotiating with other stakeholders in the business about resources and timelines, or even negotiating to retain key talent when you can't offer raises. Sharp: Anytime you're advocating to change the status quo, you're in a negotiation. It's about getting what you want and having the other party feel good about it.' What's your advice for CISOs who don't have confidence in their negotiating skills? You write about the art of negotiation, saying 'It's not just about getting what you want. Read an excerpt from The CISO Evolution: Business Knowledge for Cybersecurity Executives about how to calculate an organization's cyber-risk appetite. More on The CISO Evolution: Business Knowledge for Cybersecurity Executives
But, since it was just us, we started brainstorming and talking about things like, 'How do you meaningfully budget for cybersecurity in the cloud when the cloud is so dynamic?'
Rock was there in a show of support, but no one else came. Sharp: In 2020, I had a speaking engagement at RSA. Why did you decide to write The CISO Evolution? They also explain why not every CISO needs an MBA, how to become better at negotiating and what to do about the ongoing talent shortage. Editor's note: This text was lightly edited for length and clarity. Here, Lambros and Sharp discuss how CISOs can claim their place in the boardroom by understanding business value and connecting it to cybersecurity strategy. Sharp and Kyriakos "Rock" Lambros aim to provide a roadmap for CISOs navigating the C-suite by presenting lessons in foundational business concepts through a security lens. With their book, The CISO Evolution: Business Knowledge for Cybersecurity Executives, authors Matthew K.