The top 3 challenges for security leaders, and why the size of your network doesn’t always translate into sales (or finding a job)…

… are two of the topics we explored during office hours last week.

As we do every Friday, we came together to celebrate the good, help each other solve challenges, and find our best next steps.

Here’s what we covered.

1️⃣ Why the size of your network doesn’t always matter

Deciding to launch your own business creates new challenges.

It can feel daunting when your network doesn’t translate into sales. Size of network is less important than showing what you do and connecting with the right people.

This is important for job seekers and security teams, too.

2️⃣ Top 3 challenges for security leaders

  • Budget (lack of budget, making the case for funding)
  • Earning a seat at the table
  • Staffing — too many are struggling as a team of 1 and need help

What did we miss?

3️⃣ How does cybersecurity support revenue?

Hard truth: no matter what people say, cybersecurity is not the top priority.

Making money and sustaining operations is the top priority. That means we need to understand the business and add a word to my favorite question:

What’s the BUSINESS problem we’re trying to solve?

Then we talked about some areas where cybersecurity makes a difference to the business:

Solving compliance challenges benefits the business:

  • Show how you can take compliance worries off their plate
  • Help them feel comfortable (and compliant)
  • Give them the confidence to tell investors and clients (which helps generate more business)

Drawing down on identified cyber risk benefits the business:

  • If you can draw down cyber risk, you can focus on other risks
  • Business risk analysis that results in a risk register with a score helps show the reduction
  • Example: when a bank draws down on risk, it might reduce capital in reserve, putting it to work, creating more value

Look for ways to help other parts of the business move faster and do better. Then collect those examples and tell those stories.

4️⃣ Deputy CISO vs. Chief of Staff

A Deputy CISO:

  • Second in command
  • Splits the workload based on strengths
  • Can fill in or take over when needed

Chief of Staff:

  • Clears hurdles (often in the background)
  • Partner in thought leadership
  • Helps orchestrate

We’re going to keep looking at how we organize and operate in security, including the different roles (and what they mean).

5️⃣ Why security needs more technical PMs

We touched on the challenge of finding project managers with technical and security experience, and agreed we need more folks with unique skills coming into the field.

🔮 Some topics for next week:

  • How to explain your security program in 3 slides
  • Is project management a feeder for cybersecurity?
  • How do we develop the deputy CISO?
  • What does it mean to earn your seat at the table?

If you were there, chime in with your take-aways and insights. And if you weren’t, jump in the comments today and join us next week (invite below)!

--

Michael Santarcangelo | Security Catalyst

Connects security to business results, helping security leaders earn recognition as business leaders who deliver value (and know security)