El Diario del CISO El Diario del CISO (The CISO Journal) Edición 8 | Page 4

Thoughts Thoughts EL DIARIO DEL CISO (THE CISO JOURNAL) Thinking and Working for a Digital Security Leader Thoughts of LSD The experiences that every Digital Security Leader must live Andrés Ricardo Almanza Junco Talking about learning in people's lives, among many other things, goes through the experiences that each individual experiences. Each experience therefore becomes a catalyst for scriptural learning in the core of the person who redefines what they know, and above all that they fill the individual with tools for the future. In this same way the growth of digital security professionals comes not only because of the training that this has drawn during the development of their path, that must be added the set of experiences in the development of their function that make a compendium of learning that make their performance better and better. Therefore, the experiences of all digital security professionals are a key tool that must first assume living said professional and as a second face so that their development and growth is guaranteed and in that way their learning and the way in which each day more important results in the organizations it serves. The experiences therefore are just another way of learning, unlearning and learning what is known and above all what you should know how to do as a digital security professional. Among some of them that are key are: 1. Experiencing a digital security breach: A security breach and getting out of it causes the security professional not only to learn, but also to unlearn many of the already defined knowledge. A security breach proposes not only to have key technical knowledge to get out of the breach; it also requires a security professional to develop other skills such as resilience, communication, and leadership as key tools to get ahead. A security breach teaches among other things: 1) The inevitability of failure, 2) we can all have weak points, 3) Everything is susceptible to improvement. 2. Test your skills : A good way is through CFT (Capture de Flags) or any type of space in which you can test all your knowledge, likewise you should be aware of the news circulating and have good sources of feedback about the digital reality that today is becoming more dense. 3. Test your skills : A good way is through CFT (Capture de Flags) or any type of space in which you can test all your knowledge, likewise you should be aware of the news circulating and have good sources of feedback about the digital reality that today is becoming more dense. 4. Expand your capabilities framework: You must be willing to continue to improve your technical and non-technical skills that are required regardless of the level of career in which the digital security professional is located. It is not asked to be experts in technology but to have clear skills to discern within the framework of the concept of what is being worked on. 5. Team work (network, blue, purple team): It is necessary to build work teams and approach each other's ideas to understand the life cycle of an attack, what to do in each moment and how to deal with an incident of the best possible way. Therefore, to experience teamwork in any color that is chosen is a learning experience to be able to face reality better. 6. Business conversations: It is normal to see how digital security professionals spend much of their day in the environments they manage, manage and are experts. They spend very little time with business managers and much less seek spaces to talk with them and try to understand a little other vision that are key, it is necessary for security professionals to leave their jobs and talk with key people of the organization. This gives them: 1) visibility, they are recognized 2) expansion of their vision, 3) opportunity to develop new initiatives 4) possibility of being innovative in the solutions to offer. 7. Mentality of Serving: One of the great ailments of security professionals is precisely that they do not understand that their primary function is to serve the organization, they serve with all the accumulation of knowledge they have. To develop and experience the service attitude is key to the development of its function; it allows creating connections and solid relationships that serve well for the development of its functions. Serving elevates levels of empathy with people, elevates the level of leadership and confidence. A service mentality for a security professional elevates it to another level. 8. Relate security breaches with the operation : Not only is it possible to know which tool to have, to have the experience of relating the operation to the security flaws is key to be more specific when defining ways to protect yourself. 9. Have a personal brand: A personal brand for a security professional is key not only for the development of their functions but for the development of their career, the personal brand is the mark that makes them who they are and is the way to create remembrance in others, to be aware of what is happening, to be clear and, above all, to promote the value of your brand is key to the sale of the security initiatives that it must carry out. 10. Sell: Digital security is not a project, and should not be treated as such, selling security within the organization involves thinking about making additions to the values of the organization and that a new way of seeing and acting in the dynamics of the deal. Every professional must therefore experience being a seller not of security projects but of a new way of making a business more reliable in a digital reality like the one existing. . [email protected]