Expectations are related to increased budget. The problem is that it takes time to carry out due diligence to bring the right tools and the right skills. However, if the budget has not been used up for a certain period of time, once the strong focus gradually fades, executives may redistribute it to other areas.
This puts the CISO in a difficult position where the loss of funds must be explained to the board of directors and other executives, when many prefer to focus on metrics and improvements. “The CISO may talk about the risks and progress against this incident, but not about how the budget and position are taken away,” he said.
8. You must always take good care of yourself
If Cisos has a universal overall course, it is that you have to take care of yourself legally, professionally and spiritually throughout the industry.
With burnout, high stress and increased responsibilities, many CISOs feel stressed in their roles. Events increase these stressors, but they become more common as the frequency of attacks increases.
“The incident is unfortunately common; it’s part of the work,” Thorsen said.
Brown encourages CISOs to recognize the potential health impact of high-stress roles and to establish the right support system, which will be crucial in the event of an incident. And don’t underestimate how much pressure the storm’s eyes will bring to your coping mechanism.
“One of the biggest messages is that while you may think you are managing the stress, you may not do well,” Brown said. “Cisos’s job is tough enough that people have to find a channel. But during the event, it gets worse. Acknowledge that and make a personal plan for yourself because one approach isn’t for everyone’s things.”
