6. Appoint — and empower — deputies
High-performing teams have CISOs who know they can’t do everything on their own and instead rely on deputies to help carry the load, says Steve Martano, faculty at IANS Research and a partner in Artico Search’s cybersecurity practice.
“A CISO should be identifying their top deputies or, if they already have them, they should be assigning them more of the operational tasks and the strategic needs related to their discipline, which enables the CISO to be more of that business risk executive and really serve as the peer of the CFO, the head of product, and the P&L leaders in the business,” Martano says.
This may seem like more of a win for the CISO than the team as a whole, but that’s not the case, Martano says. Rather, this creates stronger leaders throughout the security department who can respond quickly to team members’ needs — rather than always having to escalate questions, issues, and plans up to the CISO and waiting for responses.
