Much has been written about how cyber security has become the ubiquitous C-level concern. As organizations reduce their IT budgets, the cyber budgets continue to grow. Having an inelegant user interface may be embarrassing but missing a key cyber consideration has become career altering, or worse. On top of that, cyber security is no longer relegated to a few members of the cyber security team – every employee now can play a role in putting up cyber defenses. Few of us HAVE NOT received a totally legitimate email from our boss with a perfectly normal request. White hat hackers routinely succeed in gaining access to corporate networks while performing annual penetration test.

As the access is gained at the end point level, the individual employee becomes the front line fighter in the raging cyber war. How can a CISO recruit their non IT colleagues to fight in this war?

The modern CISO cannot be focused on the technology alone any longer. A thorough understanding of all enterprise functions is now required to ensure cyber health and readiness. A CISO must recruit champions who will help drive the cyber awareness throughout their departments. This is often accomplished by building a security council which owns the enterprise cyber security agenda.

A detailed communication plan, which may have to be customized for each department, will be necessary to build awareness and sense of personal responsibility and even pride for the company’s cyber efforts. Every communication must emphasize the business value of each cyber step, especially, if a step restricts or complicates an important business function. This may call for an experienced internal communication partner who is skilled in the company’s culture and politics.

A modern CISO must combine an unsatiable thirst for knowledge to maintain its cyber credentials, an aptitude to absorb and understand multiple corporate processes, and an ultra pleasant attitude to convince an often skeptical audience to be their champions. This is a tough but incredibly exciting lot!