Great persons are great because of good, strong foundations on which they were able to build a character.

—Alfred Armand Montapert

Most CISOs spend more time focusing on being a security technologist than a security executive. “Do you know how your company generates revenue? Who are the people in charge of the different lines of business? Why does your company have a security program? How are you working with your executive leadership? How are you adding value? Why do you even want your job? Is it a passion?” Steve Katz, widely recognized in the industry as the world’s very first CISO, emphasized the importance of any security leader knowing the answers to these questions.

This chapter reviews many key lessons Steve and other leaders shared in different sessions of Shamane's “Mega C-Suite” series with her Cyber Risk Meetup global community,¹,² as well as leaders she spoke to specifically for this book. Cyber Risk Meetup³ is a platform founded in 2017 to facilitate the exchange of knowledge sharing across industries and thousands of international experts have engaged with it since then.

BUILDING RELATIONSHIPS WITH YOUR BUSINESS LEADERS

It is important for CISOs and security leaders to meet with executive business leadership regularly. If the only time they see you is when there is a problem, then they associate you with the problem.

SPEAK THEIR LANGUAGE

Do CISOs really know the top few things that the board is interested in? ...