
#Infosec24: Hall of Fame CISO Advises on Best Practice to be a Great Security Leader

The four recommendations on how to be a decent security leader.


Speaking at Infosecurity Europe in London, Stephen Khan, chief business information security officer at Cognizant Digital Services, talked about the four attributes that companies want from a security leader, including being curious, being open to helping others, learning more about your business's operations and being a “balanced leader.”

Khan, who has served in security leadership roles at major pharmaceutical and financial services companies, as well as volunteering for industry groups including the White Hat Ball charity event, encouraged delegates to “be reflective and overlay your own experience with your own journey” and not to be too critical of themselves.

What Did You Learn?

Khan said too much is expected of leaders who move roles and then find that something which worked elsewhere does not work at another company. He said this can lead to frustration, and that practitioners should instead consider how the new business operates and what it is trying to achieve.

He named the four skills as the following:

Technology Applicability – With so many vendors and options to choose from, he said you need to know what the impact of implementing a technology is, and is not.

Business Operations – He recommended considering what space your business operates in, who the partners are and what you are looking to protect: “be mindful of what you’re trying to manage.” He also recommended reading the annual report of your company, as “vendors know more about your company than you do.”

“For business operations, the key thing is relationships as you need to build an influence network,” he said.

Execution for Outcomes – Khan referenced the “second year principle”, as support from your organisation will determine what you’re getting in the second, third and fourth years of your tenure. “Also consider the cost of displacement and cost of implementation, and the cost of change itself,” he said. “Do this during execution, so you have shared values, but build with the stakeholders you've cultivated.”

Balanced Leader – His final point was to “understand your own natural bias and leave ego aside”, as well as treating people with humility. “In the ecosystem become a trusted partner to business stakeholders.”

Next Steps

Khan said how you get there “depends on where you are, depends on where you start”, and advised delegates to start early and be prepared to learn from others.

Answering audience questions, Khan encouraged delegates to give a helping hand to new people coming into the industry, as relationship building is not easy and there is a chance for people skills to be built.

He also admitted that you “can’t know everything, but know the outcomes you want to achieve”, and advised delegates to think about where they are and “don’t chase perfection.”

The session concluded with Khan being inducted into the Infosecurity Europe Hall of Fame, as well as a presentation of the cheque for £306,000 raised by this year's White Hat Ball.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
