Five Tips for Tough Days as a (C)ISO

Information Security leadership can be a tough spot.  We are agents of almost constant change in order to combat threats that no one can see.  Threats that often don’t show evidence of their existence until some amount of damage is done.  We ask for things that cost what’s arguably the most precious to institutions, money and time, to fight these ‘invisible’ threats.  In many cases, we are seen as a necessary evil that an examiner or auditor determines to be a need. 

To do our job we must think about things from a risk perspective, thinking about the threats and risks weighed against the gains and ease connections and technology bring to the table.  This is what we’re up against and as I speak with experienced ISOs and reflect on my personal experience, more often than not stories of combating and overcoming these circumstances come up.   

So, this post is meant to bring some perspective and encouragement for those days where there was a battle lost, where the office is a lonely place and it seems you are speaking a language no one else understands.  I’ve been there and chances are you have been, too.   

The most helpful wisdom I’ve found is based on a book that brought me through some tough times and changed my perspective on many situations: The Four Agreements by Don Miguel Ruiz.  

So, here are five things to remember on those days when you are weary from fighting the good fight: 

1. It’s less about you than you think.  Know that whatever decisions are made, comment said or frustration shown, it has nothing to do with you.  These words and actions are a reflection of wherever that person’s mind is or the situation at that time.  Senior leadership prioritizing a project ahead of yours?  It’s probably related to a bigger need at the time.   Someone being rude?  It’s probably that they’re going through some stress either at work, home or both.  Putting on this lens to frame those circumstances can save some unnecessary pain and damaged relationships.
   
   
2. It’s always better to ask questions than make assumptions. It’s in peoples nature is to fill in gaps in stories and information.  We have a need to know what happened at point ‘a’ that resulted in point ‘b.’  In instances where this isn’t clear, we make an assumption to fill that gap and many times don’t even realize we’ve done so! Most often that assumption results in us taking it personally or assuming bad intentions of others when that was the furthest thing from their mind.  Often it’s difficult to find the courage to slow down and ask questions but it can be a game changer.  Asking the right question with patience and curiosity can provide much needed clarity where misunderstanding and miscommunication happened…which is often. 
   
   
3. Words have power, so chose them wisely.  This one is the toughest one for so many people, me included.  It’s easy to just unload and let all those negative emotions run through you and maybe onto someone else.  Just remember, the things we say can come back to haunt or help us later; it’s all up to us!  Saying negative things or complaining doesn’t help get past whatever it is that we are trying to overcome or defeat.  Rather, these just drag us deeper into the anger, frustration or whatever emotion is there at the time.  Instead choose words that help guide to the solution, are truthful, assumption free or at least point to the notion that there will be better times and this is just a bump in the road.  In many cases, looking back we will find that it is. 
   
   
4. Always do your best. Here’s what this doesn’t mean: You have to be perfect all the time.  What it does mean is that we should understand and forgive ourselves when a mistake is made; use it as a learning experience and move forward.  Know that your best will be different on different days.  On days when you or a loved one are sick or going through a tough spot, recognize that your 100% on that day is different than a normal day.  Know that we all fail at times by falling into the same old trap, even in some of the agreements we have already made with ourselves.  When this happens, forgive yourself, get back up and try again.  Regardless of the circumstances do your best in that moment, that day, that time.  Anything less will leave regrets and self-judgement.   
   
   
5. You are not alone. There are many others who have felt that same emotion, fought those same battles or made the same misstep.  We are all human at the end of the day.  It’s okay to reach out for help or talk through it with a friend, mentor or family member.  They may not understand entirely but chances are they’ve fought something similar.  So, ask for that coffee, lunch or Zoom meeting to chat and remember to do your best to be there for them when they need it, too. (If you're in need of a mentor, you can check out our CISO Mentor Program here.)

If your Information Security program needs a hand and you just don’t know where to begin, our Base vCISO module could be a great place to start.  Reach out for more information at support@bedelsecurity.com.