CISOs/heads of security - when capacity constraints are getting in the way of your goals, do you generally feel comfortable explaining this to your exec team? How do you approach that convo without potentially inviting doubts about your own capabilities?

Chief Information Security Officer in Healthcare and Biotech, 2 years ago

In our periodic meeting, I always put in a small paragraph about some unknown risk which can hit us, and whenever I feel any unknown risk looks high, I bring it into the spotlight.

Chief Information Security Officer in Software, 2 years ago

As a CISO or head of security, your role should include managing capacity and communicating effectively with the executive team. When capacity constraints could prevent you from achieving your security goals, it is important to have a candid discussion with your team. It doesn't mean you're incapable, but that there are limitations in resources (i.e., human, technical, financial, etc.) that need to be addressed to achieve a successful outcome. In my experience, everyone is typically working towards the same goal: the success of the organization. Your exec team is there to provide support, and they need your expertise to understand the situation and make informed decisions.
