
Rebecca Wynn, Global CISO & Chief Privacy Officer (CISO) of [24]7.ai, shares her advice for relieving stress in today’s CISO Stressbuster post.

In many organizations, CISOs are held accountable for security breaches, yet they don’t have control over all the decisions and systems that impact cyber risks. They need to continuously prove that they are making the company safer while persuading others to change behaviors.

Building a security culture can be stressful, but it helps if people know they can count on you. As a senior information and security risk officer who has served as a CISO at several technology companies, I’ve learned that one way to increase influence is to get things done. Running a tight ship helps you prove value and gain allies. In the fourth blog in the CISO Stressbuster series, I’ve outlined four tips that will help you build a highly effective security organization.

1. Cultivate your team

The most important part of your security operation is your people. A strong team that works well together will help you deliver on your goals and prove the value of cybersecurity to the board. To ensure your team has the right skills for your organization, start by identifying your strengths and weaknesses. For example, you may need people with more experience in cloud or automation technologies. It’s also essential to think about diversity. People with different backgrounds help you avoid group-think and generate new ideas.

Training and apprenticeship programs are a great way to build skills within your existing staff. When done well, you can encourage a continuous learning culture that keeps people engaged. This is incredibly valuable because it isn’t just CISOs who are stressed. Our teams are also under a lot of pressure. Helping them grow and acquire new skills can reduce burnout.

You won’t be able to fulfill all your needs with training, but it can be challenging to find senior people with specialized backgrounds. When you do need to fill a new position, be intentional about which skills are required and which can be trained. Expand your criteria to include people with non-traditional backgrounds who can offer new insights. To encourage participation from everyone, build an inclusive culture.

2. Be a good fiduciary with your budget

Whether you work at a huge enterprise or a startup, there will always be a limit to your budget. Make smart investments to stretch those dollars farther. A great example is software and cloud services. There are many great security products available, but if they don’t work well with your current solutions, you may not get as much value out of them. Find ways to expand the usage of existing products. Make sure new tools align with your long-term strategy and that teams are well trained. Audit your technology regularly and stop paying for services that no longer meet your needs.

Strategic staffing decisions can also help you do more with your budget. For highly specialized skills or irregular tasks, it can sometimes be more efficient to outsource. On the other hand, you may need to invest in your own team to prepare for a changing business climate, such as hiring analysts with cloud expertise.

Demonstrating a proven track record of managing your budget well builds trust with the board and other executives. This gives you more credibility when you ask for increases in the future.

3. Measure metrics that matter

Your goal as a CISO is to improve the security of the company by effectively managing cybersecurity risk. To evaluate how well you are doing, you need to track the right metrics. The number of tickets opened and closed each month won’t tell you much, but the context of those tickets can.

Set up reporting that will help you measure how well your team and tools are protecting the organization. Some possible examples include:

  • Time to remediate (TTR) an incident allows you to track how long attackers have access to your resources.
  • Number of users with privileged access will help you keep the number of people who can access sensitive information as low as possible.
  • Number of systems with vulnerabilities can help you ensure they are regularly patched.
  • Number of unidentified devices on the network.
  • Number of staff who have completed security awareness training.

4. Adapt your communication for your audience

Making things happen as a CISO requires that you influence others. Whether that is encouraging different behavior from your team, persuading the board to approve a budget increase, or convincing other business leaders to take security seriously, communication is key.

Effective communication starts with good relationships. When I first join a company, I immediately work on building partnerships with other business leaders. If they have issues with the security team, I work on getting those ironed out. This paves the way for me to have conversations about how we can work together to improve security.

As you work with colleagues to make progress on security objectives, it helps to be agile. Listen during meetings to try to understand what’s working and what’s not. Flex your language depending on who’s in the room. When people understand how they will benefit from security, they are more likely to get on board.

Looking ahead

Safeguarding your company against cyber threats is rewarding work, but it also comes with a lot of pressure. To help you manage the stress, the CISO Stressbusters blog series will feature advice from CISOs from a variety of different companies and industries. Stay tuned for the next CISO Stressbuster post for more advice from others in the trenches.

Did you find these insights helpful? What would you tell your fellow CISOs about overcoming obstacles? What works for you? Please reach out to Diana Kelley on LinkedIn if you’re interested in being interviewed for one of our upcoming posts.

Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

 
