The CISO as a Digital Trust Diplomat

“Each person’s behavior toward the other determines whether the relational dimension leads to a conversation that is rich or poor. In other words, what you do will influence what they do: if you confront them, they may confront you; if you try to appease them, they may take advantage of you and then feel aggrieved if you then change tack and become more assertive.” — “Talking the Walk,” a publication of The Partnering Initiative.

Why should chief information security officers (CISOs) consider themselves as digital trust diplomats? It is undeniable that today’s CISOs have to play multiple roles. They must be able to converse about deeply technical and complex issues one minute and translate how all these issues can impact the company’s bottom line the next.

One of the skills that is becoming more necessary for CISOs is diplomacy. However, diplomacy isn’t confined to the simplistic idea of endless meetings, tit-for-tat swaps and complex, multiparty negotiations. CISOs are at the center of a conflict of unprecedented scale and significance. And yet, as digital trust diplomats, CISOs have a lot to offer, and many professionals have a lot to learn.

The CISO as a Digital Trust Diplomat

The currency of the diplomat is trust. CISOs must be tactful in their negotiations and attempts at influencing without authority. They must also be strategic enough to realize that the way forward and upward for the business isn’t just about cybersecurity — it’s also about projecting a sound approach to protecting the data entrusted to the organization. Digital trust is critical to every organization’s future health.

In the digital world, diplomacy and trust go hand in hand. According to a report by Accenture, “Trust is the cornerstone of the digital economy. Without it, digital businesses cannot use and share the data that underpins their operations.” In other words, the CISO, as a diplomat, can help build that trust internally with the C-suite and the board and externally by ensuring the organization deliver on its promises to customers and business partners.

Digital trust can be a differentiator and a competitive edge. A PwC report echoed that sentiment: “We’re in the decade of digital change in which only the fit will survive and thrive. And to be digitally fit, you need to be digitally trusted — by customers, suppliers, in fact by all the stakeholders in your business.” The report further stated that “digital risk and the need to build trust should be treated as an enterprise issue for which boards need to develop a clear risk appetite to suit their specific business circumstances.”

What’s Your Grade Level?

So, how good are you at being a diplomat? The Organisation for Economic Cooperation and Development (OECD) published a Competency Framework that outlined 15 core competencies that are key to helping organizations achieve their objectives. The framework organized those competencies into three groups:

  1. Delivery-related competencies focused on achieving results, such as analytical thinking, achievement focus, drafting skills, flexible thinking, managing resources, and teamwork and team leadership;
  2. Interpersonal competencies focused on building relationships, such as client focus, diplomatic sensitivity, influencing, negotiating and organizational knowledge; and
  3. Strategic competencies focused on planning for the future, such as developing talent, navigating organizational alignment, strategic networking and strategic thinking.

The framework provided different behavioral indicators associated with different job levels, ranging from level 1 for assistants, secretaries and operators to level 5 for heads of division, counselors, deputy directors and directors. It’s a good way for CISOs to evaluate their own competencies and create road maps to improve weak areas.

A TV Show To the Rescue?

The reports and frameworks mentioned above offer useful, if not actionable, information. However, this article came about because of a TV show called “Madam Secretary,” and the parallels between a diplomat’s daily crises and that of a CISO’s.

Starring Téa Leoni as Elizabeth McCord, U.S. Secretary of State, the show explores issues in international — that is to say, traditional — diplomacy, whether it’s a crisis in our backyard or halfway around the world. However, the show also lets viewers in on behind-the-scenes actions, deliberations and negotiations that sometimes result in successful diplomatic resolutions.

While watching the show might not improve your ability to speak a foreign language, there are many situations with strong parallels in the business world, especially from the perspective of a CISO trying to manage a near-continuous stream of crises. Your organization’s success depends on it.

Listen to the podcast series: Take Back Control of Your Cybersecurity now

Share this Article:
Christophe Veltsos

InfoSec, Risk, and Privacy Strategist - Minnesota State University, Mankato

Chris Veltsos is an associate professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. Beyond the classroom, Chris is also very active in the security community, engaging with community groups and advising business leaders on how to best manage information security risks.