In 1989, Stephen Covey introduced the world to “The 7 Habits of Highly Effective People,” a book that has become a cornerstone for personal and professional development. But what about CISOs? Are there specific habits that can empower and inspire them to excel in their role?

According to George Finney, Chief Security Officer at Southern Methodist University, there are indeed nine cybersecurity habits that every CISO should adopt. These habits can help CISOs navigate the complex and ever-changing world of cybersecurity and ensure the protection of their organizations.

The first habit is to “recognize that cybersecurity is a people problem, not a technology problem.” Finney emphasizes the importance of understanding that cybersecurity is not just about having the latest tools and technologies, but about effectively communicating and educating people within the organization.

The second habit is to “build and maintain relationships with other business leaders.” CISOs need to collaborate with other departments and gain their support in order to implement effective security measures.

The third habit is to “think like an attacker.” CISOs should adopt a proactive mindset and constantly think about how an attacker might exploit vulnerabilities within their systems. This helps in identifying and patching potential security gaps before they are exploited.

The fourth habit is to “prioritize and focus on the most critical assets.” CISOs need to identify the most valuable assets within their organization and prioritize their protection accordingly. This ensures that resources are allocated effectively.

The fifth habit is to “embrace diversity within the cybersecurity team.” Finney highlights the importance of having a diverse team with different backgrounds and perspectives. This helps in identifying blind spots and approaching security challenges from various angles.

The sixth habit is to “develop and maintain incident response capabilities.” CISOs should have a robust incident response plan in place, which includes regular training and testing to ensure readiness in the event of a security incident.

The seventh habit is to “stay current with the latest threats and trends.” CISOs need to stay informed about the evolving threat landscape and technological advancements in order to effectively mitigate risks.

The eighth habit is to “build a culture of security.” CISOs should promote a security-first mindset throughout the organization and encourage everyone to take responsibility for cybersecurity.

The final habit is to “continuously improve and iterate.” Cybersecurity is an ongoing process, and CISOs should constantly evaluate and improve their security strategies and practices.

In conclusion, the nine cybersecurity habits outlined by George Finney provide CISOs with a guide to excel in their role. By recognizing the human aspect of cybersecurity, building relationships with other leaders, thinking like an attacker, prioritizing critical assets, embracing diversity, developing incident response capabilities, staying informed, building a culture of security, and continuously improving, CISOs can lead their organizations towards effective cybersecurity.

Sources:

– “The 7 Habits of Highly Effective People” by Stephen Covey

– Interview with George Finney on Business Security Weekly