If we track the recent progress of the Chief Information Security Officer (CISO), there’s good reason to wonder if they are headed toward the visibility once reserved for CEOs, given how today’s dramatic security challenges have boosted their profile.
In a relatively short time, we’ve seen cybersecurity move from being an afterthought to become central to business operations. It really wasn’t until the very end of the millennium when the Melissa virus, coupled with the fear of Y2K disasters, launched “hacking” and data security into the public perception.
Since that time—a mere 20 years ago—we’ve seen a rapid evolution of the role of the CISO from a back-office controls and risk mitigation function to one of the most influential voices in the boardroom. CISOs are responsible for guarding against attacks that are not only costly in terms of revenue but also brand reputation.
In an era of rapid digital transformation, the role of the CISO has shifted to that of an “enabler,” helping companies securely move at the speed of the market. It’s not a stretch to assume that as the significance of the role continues to increase, so too will the public interest in the people holding these roles.
In fact, we’re already starting to see this shift as CISOs are increasingly being called upon to serve as thought leaders and experts in the eyes of external stakeholders.
Taking Center Stage: A Challenging Balance
Just as many brands have benefitted from the robust personalities of their CEOs, there is a corresponding argument to be made that putting the CISO front and center can be beneficial.
Data security remains a polarizing topic. According to a recent survey from KPMG, 67% of the U.S. general population say they want more transparency around how their personal data is being used by companies. And 40% say they would willingly share their personal data if they knew exactly how it would be used—and by whom.
Similarly, in a “show, don’t tell” era, consumers may place more trust in an organization if they feel they know the person behind ensuring their data-safety. Humanizing the function by putting a name, face, and personality behind security and privacy measures can help convince consumers that the organization is truly, personally invested in securing their information.
But such exposure comes with its own set of risks. Elevating and celebrating the CISO could give cybercriminals an extra incentive to target the company—looking to specifically take down that figure.
Also see: 5 Cloud Security Trends in 2022
Best Practices for Today’s CISO: Earning Trust
CISOs and aspiring CISOs would do well to prepare for the eventuality of life in the public eye. Here are some guidelines.
Use your Personal Brand for Good
The most important aspect of building your personal brand is understanding its purpose. Why are you building your brand? What are you hoping to accomplish? Almost invariably, the answer is to build stakeholder trust.
Always Work Through the Lens of Trust
Trust is earned in drips but lost in buckets. The unavoidable truth is that—if you’re a public figure—there is no such thing as off the record. You have to proceed under the assumption that the mic is always hot, and the camera app is always on “record.”
Before you speak, post, or act, ask yourself: Will this inspire trust or erode it? By the same token, remember that if the goal is to build trust, you need to maintain an open and honest approach with your audience.
Choose your Platform
Even though it’s called a “personal brand,” the lion’s share of your content will center around your professional expertise. As you endeavor to stand apart from the pack of fellow CISOs and would-be-CISOs, you’ll want to focus on educating a wider audience on a topic you feel is very important and yet not understood by many.
Set your Own Boundaries
If you find yourself asked to be a public figure on behalf of your company, remember that “showing your whole self” is a sliding scale. It does not mean you need to tweet that back-to-school picture of your fourth grader.
It might mean sharing some snaps of your new puppy if you’re comfortable with that. Or it might mean sharing a hobby that you’re passionate about. Remember, the goal is to help your audience understand the real you—but you decide where to let them in.
You Can’t Fake It
Creating a persona that is not true to you is a recipe for failure. It is not sustainable, and the world has become too interconnected with too many people having a microphone for you to successfully present a lie.
All it takes is one viral post from a friend or acquaintance who truly knows you to blow your cover, and in doing so destroy any trust you’ve cultivated.
Seek Expert Help
You’re a CISO because you are an expert in information security—and that is where your focus can and should remain. When it comes to building and maintaining your brand, seek out the experts. If your company is pushing you to be “more public-facing,” ask what resources are available to you to help create content, maintain social media engagement, and secure (and prepare for) traditional media opportunities.
According to a report from Grand View Research, the global cybersecurity services market size is expected to reach USD 192.70 billion by 2028. As the field continues to expand, we may well see the day when it’s commonplace for CISOs to be Twitter verified.
Get ahead of the game by taking steps today to ready your personal brand—but never forget that the goal is not to get famous. Rather, it is to further business objectives and results by building, maintaining, and growing stakeholder trust.
Also see: Cybersecurity in 2022: Solving the Skills Gap
About the Author:
Prasad Jayaraman is a Principal in KPMG’s Advisory Services