The Covid Era and CISO Stress
Even before COVID-19, senior technology executives, including CISOs, CIOs and CTOs were overwhelmed, and felt an increasing lack of ballast in their lives. Some went so far as to agree to a hypothetical and meaningful compensation cut in exchange for more control over their jobs, and some semblance of work-life balance. Others felt as though they were never able to satisfy internal stakeholders and were most often the first party blamed and held accountable for any technology glitch, including those that take place in the cloud. OK, that kind of pressure might come with the job, but there are tactics that a CEO and board directors can take to support this cohort and reduce anxiety so that they can perform at a high level consistently.
Here are a few to consider:
Acknowledge The Problem
If you have given your CISO/CIO/CTO the reins and authority to implement a comprehensive plan, don’t trim back the budget midstream and expect a positive result. Once your tech leader has mapped out a plan of action which has been approved by the CEO and Board, interrupting or Scaling back the plan can cause disruption to the project and team. If cost constraints come into play during the early phase(s) of plan implementation, raise this challenge with the tech team and they can adjust accordingly. Simply cutting budgets or plan phases unilaterally may have long term operational and security ramifications.
Trust your CISO/CIO/CTO’s Judgment and Experience
Battle scars are inflicted during times of trouble – not when all is humming along smoothly; my old boss used to say, ‘there is no scholarship to the school of life’, and senior technology executives know this better than anyone. For your technology leader to be effective, she/he needs to feel empowered and not undermined, trusted and not doubted, listened to and not seen as a highly paid figurehead, or worse a rubber stamp.
Consider a Comp Time Arrangement
Your CISO/CIO/CTO might have only taken one holiday in the past three years, with half of their time off spent on internal conference calls and answering Wechat and telegram messages from their IT and security teams. Consider coordinating a ‘comp time’ arrangement so that your senior technology Executive feels valued and may be able to take that vacation without disruption. This will go a long way in helping them to recharge their batteries and come back to work refreshed.
If you’re a senior technology executive, you can take some steps on your own to reduce your stress levels. These might include:
- Be viewed as a progress facilitator in your organization. Let key decision makers know that you are focused on the bottom line, just as they are, but that you are more centered on ensuring that it’s preserved, and that potential harm is actively being addressed and mitigated on all fronts, at all times.
- Incorporate your colleagues at different levels and in different departments in ‘the fight’. Explain how their individual P&Ls or products/solutions can be impacted by adversaries, and what bad guys are currently doing (and have done) to compromise your company’s data, success or product.
- Stand your ground on critical issues and know which battles to fight. You should prioritize what is vital to the organization’s secure operations, including IP, access, resources and information, and be ready to compromise on areas that may not be mission critical.
In a senior technology executive’s first year on the job, he or she should get everything on the table and secure commitment for proposed, strategic initiatives. If you are the CISO/CIO/CTO, you might set out a clear plan of action with milestones, requirements, must-haves and nice-to-haves (from people, process and technology angles), and brief stakeholders on a monthly basis regarding impediments, developments, and progress. Do not get caught flat-footed by a new CEO who may be appointed during your tenure, and don’t go longer than six-eight weeks without briefing key stakeholders and partners on your transformation. Educate your colleagues regarding secure cloud applications, remote access, and cost savings achieved through leveraging emerging cloud solutions. Lastly, take the bullet for shortfalls – the buck stops with you, and you will build longer term trust with peers, reports and supervisors when you acknowledge and accept blame for events that may occur on your watch – whether or not you may be at fault.
Senior technology executives play an integral role in an organization’s success, and should be valued as key resource and partner, not as an inhibitor or revenue sink. CEOs and board directors are in trouble If the CISO/CIO/CTO feels under appreciated and feels as though s/he walks on eggshells. Treat these executives with empathy, confidence and trust, or the next shock to your operating infrastructure or critical technology could be your last.
By Martin Mendelsohn