
#Infosec24: Hall of Fame CISO Advises on Best Practice to be a Great Security Leader

The four recommendations on how to be a decent security leader.


Speaking at Infosecurity Europe in London, Stephen Khan, chief business information security officer at Cognizant Digital Services, talked about the four attributes that companies want from a security leader, including being curious, being open to helping others, learning more about your business's operations and being a “balanced leader.”

Khan, who has served in security leadership roles in major pharmaceuticals and financial services companies, as well as volunteering for industry groups including the White Hat Ball charity event, encouraged delegates to “be reflective and overlay your own experience with your own journey” and not to be too critical of themselves.

What Did You Learn?

Khan said there is too much expectation on leaders moving roles, who then find that something which worked elsewhere does not work for another company. He said this can lead to frustration, and that practitioners should instead consider how the new business operates and what it is trying to achieve.

He named the four skills as the following:

Technology Applicability – With so many vendors and options to choose from, you need to know what the impact of implementing a technology is, and is not.

Business Operations – He recommended considering what space your business operates in, who your partners are and what you are looking to protect: “be mindful of what you’re trying to manage.” He also recommended reading the annual report of your company, as “vendors know more about your company than you do.”

“For business operations, the key thing is relationships as you need to build an influence network,” he said.

Execution for Outcomes – Khan referenced the “second year principle” as support from your organisation will determine what you’re getting in the second, third and fourth years of your tenure. “Also consider the cost of displacement and cost of implementation, and the cost of change itself,” he said. “Do this during execution, so you have shared values, but build with the stakeholders you've cultivated.”

Balanced Leader – His final point was to “understand your own natural bias and leave ego aside”, as well as treating people with humility. “In the ecosystem become a trusted partner to business stakeholders.”

Next Steps

Khan said how you get there “depends on where you are, depends on where you start,” and advised delegates to start early and be prepared to learn from others.

Answering audience questions, Khan encouraged delegates to give a helping hand to new people coming into the industry, as relationship building is not easy and there is a chance for people skills to be built.

He also admitted that you “can’t know everything, but know the outcomes you want to achieve,” and advised delegates to think about where they are and “don’t chase perfection.”

The session concluded with Khan being inducted into the Infosecurity Europe Hall of Fame, as well as a presentation of the cheque for £306,000 raised by this year's White Hat Ball.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
