Being a security leader is about more than simply managing a security program. A successful leader manages their management chain and senior stakeholders. This part of the job is as important, if not more so, than running the security tools and services that make up the security function. Why is this so important?

Most security leaders report to someone who doesn't understand security. Even a chief information officer (CIO) boss, who you would think might be most likely to understand, doesn't spend their time in the weeds of information risk management, which means they often fail to consider the nuances of security strategy and decision-making. Many security leaders report to a nontechnical executive — a financial officer, the head of the legal department, or even the chief executive officer (CEO) — and those people rarely have ...