It’s hard to believe I’ve just turned the corner on my first year at Forrester as a Security & Risk Executive Partner — and what a year it has been! Working with top security leaders across all types of industries and incredibly talented co-workers has been rewarding and has challenged me in the best possible way.
As I look back on the last twelve months, I thought I would use this installment to share a few key observations I’ve made.
My Observations From The First 12 Months
- Different company + different industry + different regulations = same job: Sure, there are differences. The regulations, specific issues, culture, and the rules you operate under may vary. But whether you’re a government agency, law firm, corporation, or financial institution, the core tenets of being a CISO don’t change, and neither do the challenges, certainly not nearly as much as I thought they might.
- Focused on the business: The good news is that most security leaders I speak with got the memo on security’s purpose — being aligned with and focused on helping the business achieve its goals while reducing risk to acceptable levels.
Unfortunately, it’s also clear that not everyone outside of security did. I still hear of security getting a “bad rap” and being seen as a roadblock to any number of things, including customer service, customer experience, and innovation, which leads me to my next point.
- Influence, or lack thereof: If I had to call out one thing that stands out across many of my interactions, it would be influence. It’s the soft skills that are the most challenging and, I would argue, the most important.
Outside of specific technical or strategy-related discussions, we talk a lot about how to wield influence and the benefits of good storytelling skills. Whether that’s getting IT, leadership, departments, teams, or the business in general on board, there’s still a tangible struggle to do so effectively and consistently.
I have long said that people are the hardest part of security, and this observation solidifies that. The impacts can be significant, including increased risk, an inability to secure funding, project/initiative delays, and frustration. In some, if not many, cases it directly contributes to burnout. To be fair, I have also seen great examples of what “good” looks like and the significant difference it can make. Check out our research on influence and storytelling:
Influence and Engage Executives
Master Storytelling for Impactful Leadership
Use Leadership Storytelling to Communicate Tech’s Business Value and Inspire Action
- Boiling the ocean: Good project management skills matter. This may seem logical, if not obvious, but it’s easy to get overly focused on the end-state objective and subsequently overwhelmed. Consider the following:
- Define what “good” looks like, i.e., the final end state. Without this, you won’t know when you’re done or how to measure your success.
- Break the initiative into logical, manageable pieces that are easier to control and adjust and that net measurable wins along the way.
- Speaking of “wins,” identify quick wins that make an impact and show immediate progress. It’s even better if these wins benefit groups outside of security, which can help with influence.
- Define use cases, where applicable, using a risk-based approach.
- Report on and celebrate the achievements.
- Project prioritization across the company is also key. You can’t have ten number-one priorities. If everything is a priority, then nothing is.
- Any of the above can be adjusted along the way, but without them you are, well, boiling the ocean.
I am sure some, perhaps many, of you are thinking, “Geez, David, we know all this!” How right you are, and that’s my point!
For all the progress we’ve made, we continue to struggle with some of the fundamentals. I’m not even talking about basic cyber hygiene (that’s a whole other blog). Don’t mistake fundamental for easy; that’s exactly why we are where we are. It’s hard. People are hard. Personalities can be challenging, and expectations are at an all-time high. I have often thought that if there were an adjacent degree or minor, beyond business, that would be most useful for a CISO, it would be psychology.
So, that’s a wrap on year one! Don’t forget we have The 2023 Forrester Security and Risk Forum coming up on November 14th and 15th in Washington, D.C. See you there.