Chad LeMaire, CISO at ExtraHop and former CSO in the US Air Force, agrees that understanding the root cause of the disaster is mandatory, and it should guide the next steps. Any fixes, though, risk being superficial if theyβre made without that deeper context. βWhen the CISO has a clear understanding of the business, culture, security program, security capabilities, and investments, root cause, and team skills, then the CISO will be armed with the necessary knowledge and understanding to rebuild the security program,β he says.
Part of that knowledge can be acquired from genuinely listening to people. Chuck Herrin, field CISO at F5, recommends new CISOs spend their initial weeks on the job in listening mode before making big changes.
βIβd start with short, focused listening sessions across the business β with security teams, IT, developers, and executives,β Herrin says. βAsk questions like: What worked? Where do we get in your way? How do we show you that weβre here to partner, not block? How do you measure the value we provide to you, your line of business, and your team?β

