Proofpoint closes acquisition of Tessian. Read More ->

Request a demo
Platform
Complete Cloud Email Security
Get a Platform Overview
Featured Content
What’s New
What’s New
Tessian Platform Overview Brochure
Product Resources
Tessian Platform Overview Brochure
Microsoft + Tessian: Comprehensive Email Security
Solution Briefs
Microsoft + Tessian: Comprehensive Email Security
Solutions
Tessian solutions by use case and threat types
Customers
Tessian case studies by use case and industry
Read more
Featured Content
Advanced Email Protection for Florida’s Largest Law Firm
Customer Stories
Advanced Email Protection for Florida’s Largest Law Firm
Next-Gen DLP For One of Africa’s Largest FinServ Groups
Customer Stories
Next-Gen DLP For One of Africa’s Largest FinServ Groups
Resources
Tessian content by use case and industry
Resource Center
Featured Content
Forrester has named Tessian a Strong Performer in The Forrester Wave™: Enterprise Email Security, Q2 2023
Research & Reports
Forrester has named Tessian a Strong Performer in The Forrester Wave™: Enterprise Email Security, Q2 2023
Company
About Tessian's mission and career opportunities
Read more
Request a demo
Request a demo
Request a demo
Request a demo
Request a demo
Request a demo
Life at Tessian

The Rise Of The New-School CISO

Henry Trevelyan Thomas • Wednesday, June 9th 2021
The Rise Of The New-School CISO

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

I’m lucky. I get to speak to and learn from hundreds of CISOs each year across all different sizes and types of orgs. Each conversation gives a unique insight into how companies approach security and, crucially, what works well and what doesn’t. 

 

Over the last few years, there is a very specific type of security leader who I’ve seen succeeding time and time again. A type of CISO that has particular success in winning boards over, getting employees to engage, and ultimately reducing exposure for their org.

 

So what makes these new-school CISOs so successful?

1. Security = sales

Gone are the days where security leaders are technical folks that shun any form of pitching as “not part of their job”. The best CISOs have recognized the importance of security in winning new customers and embraced it. Whether it’s leveraging their progressive security tech stack to impress, wowing a prospective customers’ security team over a call, or being a crucial part of the pitch team, security can have a material impact on the most important business driver (new revenue). It doesn’t start when the pitch has been secured; I’m regularly hit up by CISOs at customers asking for intros to prospective new customers. CISOs winning and finding deals – no wonder they don’t struggle with exec attention.   

 

2. Customer success = CISO’s success

I’m biased, but nothing is more important than making the customer successful. It’s easy for security teams to think they have limited ability to impact their customers’ success, but some CISOs are going above and beyond to make their customers successful. From proactively building relationships with customers’ security teams to notifying customers of potential vulnerabilities, nothing beats having a direct relationship with a customer. Better still, if you can help them be more secure, you’re creating value for the customer and protecting your organization; after all, you’re only as secure as the customers (and suppliers) you work with.   

 

3. Employees are everything

Security doesn’t work in a vacuum. You won’t win as a CISO if you push down security policies and assume they’ll be adopted. This belief is at the core of the new-school of CISO – they know that they’ll only drive positive change in the organization if they bring people along for the journey. That means great storytelling, making content relevant and doing everything they possibly can to help, not hinder, their employees to work securely. Some great examples I’ve seen here are hijacking the beginning of other meetings to educate on security, giving line managers the insight they need to make their teams work securely and gamifying leaderboards to make security competitive.  

 

4. Mission-driven

Businesses exist to achieve their mission. Security exists to ensure businesses can stay safe in order to achieve their mission. It’s that simple, and emergent CISOs are building their team around this premise. Unfortunately, often there are years worth of clunky legacy technology and processes that restrict employees, meaning CISOs need to go against the status quo, ask more from their solutions and not settle for anything less than frictionless UX. It’s awesome to see security teams start to judge their success on the delight of their employees – using metrics such as NPS or CSAT – as well as more security-centric metrics. After all, if you enable your employees, you’ll enable your business to succeed. 

  

5. Technical proficiency

There’s no doubt having a level of technical proficiency as a CISO is important, but the CISOs who are influencing the most and driving change in the profession often win because they are great communicators, understand business drivers and care about user experience. More and more, I’m seeing CISOs from non-technical backgrounds triumph by combining the above traits with hiring a team who bring the technical expertise. 

It’s been awesome seeing security – and the role of the CSIO – change and observing which type of CISOs are having the most success. No doubt in 12 months time, the traits needed to succeed will have changed again and I’ll need to rewrite this 🤦‍♀️. 

 

Henry Trevelyan Thomas Vice President of Customer Success

Related Posts