11 Tips to help make CISOs GREAT!
DarkReading.com reported that “Being a chief information security officer (CISO) today is a balancing act of strategic leadership, financial literacy, technical expertise, and human connection, regardless of whether a company has 100 employees or 100,000. The role is no longer about defending the perimeter, it's about driving the business forward with resiliency while managing risk with clarity, courage, and strategic intent.” The August 8, 2025 article entitled “Redefining the Role: What Makes a CISO Great” (https://www.darkreading.com/cybersecurity-operations/redefining-role-ciso-great) includes these comments under tip #7, “Speak Candidly About Risk, and Build Resiliency”:
Boards and executives don't want sugar-coated updates. They want the truth, paired with a plan.
* Be transparent about risks, even when it's uncomfortable. But show up with a recommendation.
* Draw boundaries between corporate risk and personal exposure, and then don't cross them.
* Use language and analogies they understand — speaking tech talk won't get you too far.
* Everything is based on risk and resiliency; ask yourself, "So what," because they will.
* Articulate what is expected of them during an event before you have one; you will be glad you did.
In security, bad news is inevitable. What defines you is how you handle it.
Here are all 11 Tips:
1. Understand the Business You're Securing
2. Build Bridges Across the Business
3. Be a Leader, Not a Manager
4. Create an 18- to 36-month Strategy, Revisit It Quarterly
5. Financial Acumen
6. Stay Informed and Invest in Your Network
7. Speak Candidly About Risk, and Build Resiliency
8. Data Is the Real Risk
9. Reporting, and Metrics That Matter
10. Own Third-Party and Supply Chain Risk
11. Enable AI, But govern It
Great advice. What do you think?