Al Ghous’s Cyber Security Playbook: How to Balance Competing Priorities and Stay Calm within Chaos
Get ready to abandon cyber security plans. Pivot. And, above all, build great relationships with stakeholders.
Al Ghous, Chief Information Security Officer at Snapdocs and Co-Founder of Silicon Valley CISO Investments, talked to Dan Haagman, CEO of Chaleit, about the critical lessons he’s learned in 25 years in the field, his cyber security investments and the vision for a complex year ahead.
The balancing act of a CISO
After more than 25 years in cyber security, including up to 10 years in significant leadership roles at both large corporations like GE and innovative startups such as Snapdocs, one of the main lessons is that a CISO’s must-dos are rarely aligned with business goals.
Today’s economic climate forces companies to prioritise essential actions due to limited budgets and resources. When businesses opt for maintenance over expansion yet still need to meet customer demands, CISOs face competing priorities and must balance resources. This is especially the case in highly regulated industries or when the business has regulated clients who simply pass those requirements down to you.
CISOs navigate these challenges in a dynamic environment, adjusting to changes in business objectives, partnerships, and evolving threats.
Security strategies cannot remain static. Continuous adaptation and education of the leadership and the board are necessary. This is particularly important for companies like Snapdocs, which handle sensitive data attractive to adversaries.
Strong relationships are key
Building strong relationships with executive leadership and maintaining open communication lines enable effective decision-making, especially when facing resource allocation challenges.
Client demands can sometimes divert resources from the core business plan. The CISO’s role is to evaluate the implications of meeting these demands against the cost and resource allocation and facilitate the discussion between the chief revenue officer and the chief product officer. At the end of the day, they all want to help generate more revenue and keep the company secure. But there are always trade-offs, and the CISO must present the pros and cons of all options transparently. For instance, when pursuing new certifications versus addressing customer demands, it’s essential to engage leadership in prioritising tasks based on business impact.
Open and efficient communication ensures that when challenges arise, the team is prepared to make and commit to decisions that balance business and customer needs. This process is iterative and builds operational resilience.
You know the players and the leaders. You have the template and execute, leading to a decision. And you stick with that decision and move forward. After a certain point, it becomes automatic.
CISOs who don’t have that relationship with the executive leadership team often struggle with balancing resource allocation.
Don't panic and develop critical thinking
CISOs often have to deal with chaotic environments. While many enjoy the adrenaline rush and thrive in challenging situations, it’s important to stay calm and not panic. Maintain your composure to prevent damaging relationships with stakeholders, especially when new to an organisation.
The best strategy is to observe, engage with others, and break problems into manageable parts. When having to implement significant changes in personnel, processes, or technology, it’s important to adopt a methodical approach with input from business stakeholders.
Moreover, developing critical thinking skills is an asset for security professionals. Critical thinking helps you break major problems into smaller pieces, consider all the different aspects of issues, and find ways to manage and contain them.
Be ready to pivot
CISOs often come into organisations with their 30-60-90 day plans, only to quickly find that they must deal with different demands and priorities.
While plans are necessary to showcase an approach and thought process, CISOs must remain flexible enough to drop their plan and move the needle on the issues that are important to the CFO of the company or the CIO of a client, for example.
Without the CISO’s openness to pivot, stakeholders can quickly become frustrated. The plan remains, and the team can execute it when resources allow it.
Looking ahead: investments and cyber security in 2024
Beyond his responsibilities at Snapdocs, Al Ghous is involved in Silicon Valley CISO Investments, a group of cyber security leaders who leverage their collective expertise to support and invest in emerging tech companies.
This initiative was born from the desire to support startups in ensuring security for their cutting-edge products. Following positive feedback, the group explored further support avenues and came up with a model that combined advisory services with the opportunity for co-investment. This led to successful engagement with numerous companies, ultimately capping the group at 60-65 to maintain manageability.
The primary objective is to assist these startups in developing viable and marketable products. Unlike traditional venture capital, the group’s focus extends beyond financial contributions to include validation and support, which are invaluable to founders.
CISOs play an influential role in shaping the future of technology. But what does the future hold? With an election year in the U.S., ongoing economic uncertainties, and the continuous evolution of technology, 2024 will be filled with both challenges and opportunities.
Adaptability, critical thinking, and learning from experts can help cyber security professionals manage a stressful environment and navigate uncertain times.