A Chief Information Security Officer (CISO) is most commonly known as a senior-level executive who is responsible for managing, overseeing, and protecting an organisation’s information, customer data, infrastructure, and assets. However, according to new research by the global cybersecurity and privacy company F-Secure, the last year or so has seen the role and its accompanying priorities significantly shift. CISOs are no longer technical-first positions; emphasis is now on the CISOs ability to employ soft skills - the most important one being emotional intelligence. 

Titled The CISO’s New Dawn, the in-depth study consists of a series of candid, unfiltered interviews with 28 CISOs from the US, UK, and other European countries. According to its key findings, two thirds of CISOs interviewed stated that emotional intelligence is increasingly governing their role and new-found responsibilities. CISOs evidently have no choice but to develop emotional intelligence skills in order to succeed. 

In light of this news, we caught up with the security professional who’s heading the CISO emotional intelligence campaign: Tim Orchard, Executive VP, Managed Detection and Response at F-Secure. Tim has over 20 years of experience in the technology industry. His specialties include threat analytics and technical-focused cybersecurity consulting. 

Great to have you with us Tim! Could you start by giving us an exclusive insight into your role at F-Secure and the specific security areas you specialise in? 

I lead F-Secure’s Managed Detection and Response business unit, overseeing our Countercept managed service sales and delivery. I’m also part of the company’s Leadership Team, working with my colleagues to deliver great solutions to our customers and also make F-Secure an inspiring place to work.

Now, F-Secure has attracted a lot of media attention in the last couple of months because of its CISO emotional intelligence campaign/study, but it’s clear from my research that you’ve essentially been the face of it. How did this come about and why is the matter so important to you? 

Being a CISO is a tough job, and it has never been tougher. The accountability of CISOs has risen, with a need for them to focus on business risk and speaking the language of business, as well as having good technical knowledge. It can definitely be a challenge. 

We want to understand the challenges CISOs face, which helps us better respond to their needs and provide the solutions that make their job easier and their role more effective. 

In your opinion, what was the most shocking or interesting statistical finding that the report uncovered? 

None of it was a big shock to me; the fact CISOs are struggling is nothing new. However, what I did find interesting is the amount of time they spend upskilling and acquiring technical knowledge. Almost three in five (57%) of our panel ensured their teams got seven or more hours of training a month and over a third (36%) aimed to hit more than 10 hours a month for their teams. That’s a really positive investment, I think.

Unlike hard skills, soft skills such as emotional intelligence are typically harder to learn because they are more difficult to teach. So, how can CISOs best develop or enhance their emotional quotient? 

I think one of the best ways to develop their emotional quotient is to build strong relationships with their peers within business – such as the CTO/CIO/CMO – and try to understand the problems they face from their perspective. How do their peers identify challenges and overcome them, for example? This gives a CISO a different perspective on the problem and enhances their EQ because they can empathise, understand and think of better ways they can support wider business goals.

Do you see the CISO role evolving even more than it already has in the next few years, and if so how? 

I think we’re on a journey where CISOs are becoming more business critical and moving up the organisational structure. They’re sitting at a bigger table and moving away from the purely operational activities they still have a big responsibility for. This evolution means a CISO will need a good team to work with, solid management and delegation skills, and strong support for the more technical elements of cyber security.