Earl Duby, VP & CISO, Lear Corporation (Moderator)
Chris Burrows, CISO, Rock Central (Panelist)
Patrick Milligan, CISO, Ford (Panelist)
September 2020
The CISO is now widely viewed as a strategic business partner, which has alleviated some of the stress of the role. But the demands of protecting the enterprise and the added complexity of a fluid workforce are paving the way for a discussion about resiliency and re-energizing the CISO, according to a conversation among a group of leading large-enterprise CISOs in the Detroit area.
The “new normal” doesn’t feel as new as it once did, but there is still no way to forecast what stress is going to be on a given day. Conversations about mental health and work-life balance have become top-of-mind, and in September 2020, the Detroit CISO community joined an interactive town hall discussion on “Re-Energizing the CISO.”
This panel was moderated by Earl Duby, VP & CISO at Lear Corporation. Joining Duby were Chris Burrows, CISO at Rock Central, Patrick Milligan, CISO at Ford, and several members of the community who shared insights into how CISOs are practicing self-care, balancing life and work and partnering with the C-suite to protect and enable the business.
Who are Your Allies?
Finding a sense of community, both internally with business partners and externally with peers, can help alleviate stress and provide valuable insights into best practices. The Detroit CISO community has found allyship in a tight-knit group of CISOs and is staying connected through virtual gatherings. Sharing concerns, intelligence and best practices has helped to build a community that allows them to hone the skills they need to stay sharp.
The C-suite and senior leadership are tasked with protecting the enterprise. Depending on the role, what that looks like varies greatly; the way a CHRO and a CISO protect the business differs, but at the end of the day, both are managing risk. HR should be a strong partner with security, especially when an employee exits the organization, which requires consistency in practices to ensure credentials are revoked and equipment is securely returned.
Being viewed as a strategic business partner starts with board involvement. Only when an organization realizes that cybersecurity is not just the responsibility of the CISO, but of everyone, can a true partnership be found. Upholding the cybersecurity of an organization is a large task, and partnerships and buy-in throughout the business are imperative in ensuring security.
Looking at allyship through the lens of resiliency, these relationships strengthen the position of the CISO with leadership and provide a sense of community. Executive leadership is often siloed, but the virtual environment has broken down barriers. The evolution of the CISO role has also led to varied reporting structures, with CISOs reporting to the Chief Risk Officer, CEOs and General Counsel more frequently.
Managing Risk, Managing Stress
Arguably, no organization has been immune to the challenges 2020 has brought. One particular source of stress for many CISOs is the vendor partners they rely heavily on, which have been impacted by the crisis. Some cybersecurity vendors adversely affected by COVID-19 have cut staff, and as a result, they have reduced patches, causing third-party security risk to increase.
Security awareness is a perennial topic. Due to largely remote workforces, another stressor for CISOs is the newly intertwined nature of home and workplace security risks. Just as cybersecurity is the responsibility of everyone in the business, it is important that non-security professionals understand the personal implications of bad cyber hygiene. When personal security is tied to organizational security, better results and heightened vigilance are found.
Part of the job of a CISO is to stay as calm as possible and keep a level head in order to make good decisions. Being able to do this starts with self-care and setting appropriate work boundaries. While the lived experience varies greatly depending on the individual home environment, common themes of self-care include: regular exercise, setting aside space in the home for work only, meal time with family and using the previous commute time for wellness.
Burnout and stress are common for executive leaders and individual contributors alike. To that end, re-energizing oneself takes a mindful and dedicated approach. Fortunately, a galvanizing force for cybersecurity professionals is the work being done to fend off adversaries. This shared objective breaks down barriers across industries and throughout the business as there is one mission — protect the business. With this common mission, CISOs are well positioned to both grow their professional networks and continue partnership across the business.