10 Golden Rules of the Outstanding CISO

1. Maintain your integrity

Whatever you do, be upright, incorruptible and honest. Don’t take shortcuts and give people a reason to put their trust in you.

2. Go back to the basics

Don’t overcomplicate things, leave the technical or business jargon out and educate people with easily understandable examples.

3. Go for quality

Make processes repeatable and documentation outstanding. Let your work be a piece of art. Don’t be a perfectionist, simply iterate and keep improving your work in steps.

4. Don’t panic

There aren’t many situations in which panic really helped. Stay calm and be responsive in times of crisis. Inform the right people and do so in the right format.

5. Be the master of communication

If there is one thing that will never become obsolete, it is communication. Write clearly, maintain proper documentation and speak the same language as your audience.

6. Don’t oversell

If you need some budget or the technical guidance of your engineering staff, tell them the real risks and existing threats. Be honest in the promises you make to others and leave the soaps to the professional television actors.

7. People beat process

People are the most important asset of a company. Guide, explain and educate them. Show them the process, but also be open to feedback: the process itself might be the reason they are avoiding it.

8. Process beats technology

Don’t try to solve everything with technology. Technology is a tool. You can’t solve every issue with a hammer, so why try it in the digital world?

9. Start to finish

If you start an activity, make sure to finish it. Only finished work will get to the hall of fame.

10. Think before you react/act

The first phase should always be the one of “thinking”. Each action will be followed by a reaction. Be careful and avoid violating the other 9 rules.