CISO: A day in the life

What does a CISO do? Drawbridge CISO shares insights on what it takes to succeed in this dynamic and challenging role
76 readers like this.
CIO_time_management_day_life

A mentor of mine once remarked: While many people look for a work-life balance, the role of a CISO fits much better if you embrace a work-life blend.

This is especially true for those working at home or in a hybrid model. Cybersecurity is not a 9-to-5 job, especially if your organization includes multiple time zones. As such, you need to enjoy the challenges and responsibilities that come with cybersecurity.

[ What is a 'day in the life' like in your role? If you'd like to participate in this series, reach out here! ]

A typical day for a CISO

I start my day slightly differently from most IT professionals. Since we have alerting systems and incident response communication methods in place, I can confidently assume that I won’t have an email that needs critical insight at 6:30 am. I’m more likely to begin the day with threat intelligence, reviewing what’s happened overnight in the world of zero-days, targeted attacks, new guidance, etc. A CISO should be well-versed in the overall world of cyber, and there are countless valuable communities and media websites for delivering the latest intelligence.

Then it’s time to offer my services. As the CISO of a cybersecurity firm, I not only have corporate responsibilities, but I’m also heavily vested in ensuring we deliver the best cybersecurity tools and services to our clients. I might be joining an existing or potential client’s CISOs, CIOs, and CTOs to discuss their requirements – particularly as we work in an increasingly regulated industry where our team frequently calls upon me for regulatory guidance.

[ Also read Analytics director: A day in the life. ]

In the afternoon, I handle internal meetings to discuss our corporate cyber program (certifications and the ongoing maintenance of SOC2, for example), long-term strategies for our cyber solutions, and recurring tasks that fall throughout the week, such as report reviews, auditing functions, addressing privacy issues, etc.

If you prefer a strict schedule and a predictable, organized day, this probably isn’t the role for you. A CISO must be able to adapt and move with business demands in real-time. In addition, a CISO’s projects are rarely one-week affairs. They are more likely months or even years in the making. As such, the role requires discipline to keep on track with goals and deliverables. If you’re a procrastinator, you’ll struggle as those annual business cyber certifications creep up on you!

For a CISO role, you should have a passion for IT, cyber, and even government or agency regulation.

CISO background and skills

A CISO role is not one you should stumble into. You should be passionate about IT, cyber, and government or agency regulation. You don’t need to be a lawyer, compliance expert, software, or infrastructure architect, but you must be able to have bi-directional conversations with each of these professionals.

Your foundational skills should include stints in infrastructure, cloud, and/or software development. Getting involved in more areas early in your career will give you the depth you need later. Many IT staff members start as generalists (such as helpdesk support) and tighten their focus later in their career, perhaps as database admins, pen testing, network design, virtualization, etc. They can then return to become an encyclopedia of all things at the CISO level.

Cyber isn’t all tech, however – in fact, technology might even comprise less than 50 percent of the role. You need to be a good writer and be able to talk clearly and concisely to the public, management, and board alike. You also need to handle policies for the business – governing with appropriate control. As CISO is a fairly new role to many management teams, it can take time to gain the authority you need among your C-level peers.

As I mentioned above, I embraced the “work-life blend” model for this role, which is an important way to think of it. For me, cyber is almost a hobby: I often find myself reading and researching on my own time. Blending, however, doesn’t have to mean missing your child’s football match. With careful planning (especially for those long-term projects with short-term goals), you can blend your cyber career and life.

[ Check out essential career advice from 37 award-winning CIOs! Get a variety of insights on leadership, strategy, and career development from IT executives at Mayo Clinic, Dow, Aflac, Liberty Mutual, Nordstrom, and more: Ebook: 37 award-winning CIOs share essential IT career advice. ]

What to read next

simon_eyre_drawbridge
Simon Eyre is Managing Director and Head of Europe, leading Drawbridge’s engineering, product, and customer engagement teams across Europe.