Light Dark
March 23, 2017 By Christophe Veltsos 3 min read
CISO

“Each person’s behavior toward the other determines whether the relational dimension leads to a conversation that is rich or poor. In other words, what you do will influence what they do: if you confront them, they may confront you; if you try to appease them, they may take advantage of you and then feel aggrieved if you then change tack and become more assertive.” — “Talking the Walk,” a publication of The Partnering Initiative.

Why should chief information security officers (CISOs) consider themselves as digital trust diplomats? It is undeniable that today’s CISOs have to play multiple roles. They must be able to converse about deeply technical and complex issues one minute and translate how all these issues can impact the company’s bottom line the next.

One of the skills that is becoming more necessary for CISOs is diplomacy. However, diplomacy isn’t confined to the simplistic idea of endless meetings, tit-for-tat swaps and complex, multiparty negotiations. CISOs are at the center of a conflict of unprecedented scale and significance. And yet, as digital trust diplomats, CISOs have a lot to offer, and many professionals have a lot to learn.

The CISO as a Digital Trust Diplomat

The currency of the diplomat is trust. CISOs must be tactful in their negotiations and attempts at influencing without authority. They must also be strategic enough to realize that the way forward and upward for the business isn’t just about cybersecurity — it’s also about projecting a sound approach to protecting the data entrusted to the organization. Digital trust is critical to every organization’s future health.

In the digital world, diplomacy and trust go hand in hand. According to a report by Accenture, “Trust is the cornerstone of the digital economy. Without it, digital businesses cannot use and share the data that underpins their operations.” In other words, the CISO, as a diplomat, can help build that trust internally with the C-suite and the board and externally by ensuring the organization deliver on its promises to customers and business partners.

Digital trust can be a differentiator and a competitive edge. A PwC report echoed that sentiment: “We’re in the decade of digital change in which only the fit will survive and thrive. And to be digitally fit, you need to be digitally trusted — by customers, suppliers, in fact by all the stakeholders in your business.” The report further stated that “digital risk and the need to build trust should be treated as an enterprise issue for which boards need to develop a clear risk appetite to suit their specific business circumstances.”

What’s Your Grade Level?

So, how good are you at being a diplomat? The Organisation for Economic Cooperation and Development (OECD) published a Competency Framework that outlined 15 core competencies that are key to helping organizations achieve their objectives. The framework organized those competencies into three groups:

  1. Delivery-related competencies focused on achieving results, such as analytical thinking, achievement focus, drafting skills, flexible thinking, managing resources, and teamwork and team leadership;
  2. Interpersonal competencies focused on building relationships, such as client focus, diplomatic sensitivity, influencing, negotiating and organizational knowledge; and
  3. Strategic competencies focused on planning for the future, such as developing talent, navigating organizational alignment, strategic networking and strategic thinking.

The framework provided different behavioral indicators associated with different job levels, ranging from level 1 for assistants, secretaries and operators to level 5 for heads of division, counselors, deputy directors and directors. It’s a good way for CISOs to evaluate their own competencies and create road maps to improve weak areas.

A TV Show To the Rescue?

The reports and frameworks mentioned above offer useful, if not actionable, information. However, this article came about because of a TV show called “Madam Secretary,” and the parallels between a diplomat’s daily crises and that of a CISO’s.

Starring Téa Leoni as Elizabeth McCord, U.S. Secretary of State, the show explores issues in international — that is to say, traditional — diplomacy, whether it’s a crisis in our backyard or halfway around the world. However, the show also lets viewers in on behind-the-scenes actions, deliberations and negotiations that sometimes result in successful diplomatic resolutions.

While watching the show might not improve your ability to speak a foreign language, there are many situations with strong parallels in the business world, especially from the perspective of a CISO trying to manage a near-continuous stream of crises. Your organization’s success depends on it.

Listen to the podcast series: Take Back Control of Your Cybersecurity now

 |  |  |  |  | 
Christophe Veltsos
InfoSec, Risk, and Privacy Strategist - Minnesota State University, Mankato

More from CISO
February 3, 2025

CISOs drive the intersection between cyber maturity and business continuity

4 min read - The modern corporate landscape is marked by rapid digital change, heightened cybersecurity threats and an evolving regulatory environment. At the nexus of these pressures sits the chief information security officer (CISO), a role that has gained newfound influence and responsibility.The recent Deloitte Global Future of Cyber Survey underscores this shift, revealing that “being more cyber mature does not make organizations immune to threats; it makes them more resilient when they occur, enabling critical business continuity.” High-cyber-maturity organizations increasingly integrate cybersecurity…

December 30, 2024

CISO vs. CEO: Making a case for cybersecurity investments

4 min read - Ask CISOs why they think there is a cyber skills shortage in their organization, what keeps them up at night or what the most important issue facing the industry is — at some point, even if not the first response, they will bring up budgets.For example, at RSA Conference 2024, a roundtable discussion about issues facing the cybersecurity industry, one CISO stated bluntly that budgets — or lack thereof — are the biggest problem. At a time when everything is…

December 13, 2024

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature