A Global CISO’s Ten Rules for Success
Neal Pollard is an OODA Network member and is the Global CISO at UBS. He recently posted his 10 rules for being a successful CISO on LinkedIn and gave us permission to share them here. It is one of the best top 10 lists we’ve seen.
“As CISO at UBS, I’ve been fortunate not only to have smart, collaborative teammates in Group Technology and across UBS, but also to belong to a group of collaborative fellow CISOs in the financial service and other industries. They’ve always been ready and generous with advice and the benefit of their experiences. I think it’s important that the public understand how much this informal collaborative approach improves cybersecurity. Many have shared their overall observations of what works and what doesn’t, often in lists. To contribute and add my observations, here are 10 rules I’ve accumulated thus far, for being an effective CISO.
- The threat is human. Plan accordingly.
- Distinguish security from compliance – they’re different, though mutually supportive.
- Instrument everything you can – networks, hosts, apps, users, and sensitive data.
- Don’t trust controls, users, third parties, computers, or the internet.
- Hire into your staff technologists, operators, risk/compliance specialists, auditors, lawyers, and diplomats.
- Bridge the difference between a cost center and profit center. Understand what the business wants to accomplish and develop a way to preserve and extend the digital value they deliver.
- When challenged by competing priorities, re-read what’s written on the company HQ’s lobby wall.
- Culture is a powerful capability. Build, use, and protect it.
- Don’t use 10 rules if 9 will do.”
Attribution: Neal Pollard, CISO at UBS