CISOs today intersect with all facets of the business, whether that be liaising with network teams to manage performance, or balancing the costs of IT operations to avoid isolation from core business functions. Successful CISOs navigate these intersections by adopting proactive strategies in order to transition from a back-office role and become recognised as valued strategic partners within their organisations.
For CISOs, unleashing the power of their role means more than securing a seat at the table. It means gaining control over budget allocations, reducing friction in operations, and engaging in strategic long-term planning to ensure the effectiveness and efficiency of cybersecurity measures.
I presented at RSA this year, and my session was titled “Unleashing the Power of Unpopular Opinion.” Here are a few actions I recommended to the audience in that session to kickstart the process of unleashing the power of the unpopular opinion in their own work.
Step One: Recognise that quality is not enough
It’s crucial that CISOs shift their perspective on “politics.” While striving for quality may be the primary objective, achieving success hinges on gaining acceptance. This necessitates identifying and engaging with the key stakeholders and effectively communicating in their language and speaking to their priorities. Without this alignment, even the highest quality efforts may fall short of their intended impact.
Step Two: Leverage the organisation around you
While cybersecurity professionals are often hired for their technical acumen, it’s their ability to communicate those technical subjects that truly paves the way for success in their roles. For CISOs, it’s imperative that they go outside of their own function and pick the brains of their colleagues, allowing for a deeper understanding of their objectives and facilitating a strategic pathway to success.
For instance, if a CISO is constantly faced with challenges to their budget approval, grabbing a coffee with a finance counterpart can offer invaluable insights into that counterpart’s decision-making process, which can help refine a successful approach. If employees are failing to engage with cyber initiatives, speak with the marketing or communications teams about how to improve your internal communications.
It’s important to leverage the organisation around you, and to pick your partners wisely. Once your partners are selected, consider establishing a committee to raise awareness and drive effective action.
Step Three: Communicate, communicate, communicate
CISOs often encounter resistance from middle management. To conquer this, it’s essential to approach challenges with unwavering determination and a desire to enact positive change. Cutting through layers of resistance means taking strategic initiatives and securing genuine commitment from all stakeholders without disrupting the established reporting structures. While it may seem unconventional, breaking traditional frameworks, such as hierarchical organisational structures, is often the only way to access the most capable individuals.
Communicating a compelling narrative to executives, including highlighting tangible results and a clear roadmap, is paramount in securing their buy-in. Sometimes, unconventional approaches yield valuable results, including, for example, bringing people from across departments together for intensive collaboration sessions like an AI council or a hybrid work productivity group. Even if these methods diverge from traditional protocols, they can still produce significant outcomes.
The CISO role is shifting as digital technologies become critical for a business to operate. With the responsibility of securing assets, successful CISOs need to engage with their entire organisation to understand potential risks and activate their colleagues to help protect company data.