Being a good CISO is more than just excelling in cybersecurity, you need to be a good manager, leader and mentor to those in your team. Former CIO and now mentor, Ramesh Ramakrishnan, uses his 30-plus years of experience in IT to talk through the key personal and practical skills C-level executives need to be effective leaders.
You’ve been in IT for three decades, how have you seen the workforce change?
I come from a business background; I started at a very early age. The earlier you start, the more exposed you are to different facets of life. From the 90s until now, one thing is constant, people who have survived crises or recessions, and who have gone the extra mile in taking risks, are ready to face anything in life.
When you make decisions, you may not achieve what you actually wanted to do, but that’s absolutely fine, because no one is perfect. There is never a right way or wrong way to do things. It’s only the best way to do things at that point in time, under those circumstances. People don’t view decisions like that anymore because it’s a very cut-throat, competitive world. Everyone wants to make the best use of time, which is fair enough. However, I feel it has become too competitive.
When I started, people still had the freedom to do what they want, experiment, fail and evolve. It’s very important for professionals who are starting their careers to redefine their thought process and embrace whatever comes their way. Sometimes you may be criticised, but you are the best judge because you know what you’ve done and why you’ve done it.
How have you seen the cybersecurity landscape change?
In the pre-pandemic world, I was always under the feeling that cybersecurity was underappreciated. But if you look at the post-pandemic world, in a matter of days, most organisations took a decision to work remotely. Many of these organisations felt they were ready to handle everything from the comfort of their homes – there was no issue with employees fulfilling their job responsibilities remotely.
However, soon the issue of security became apparent. This is when cybersecurity became a heightened matter because people started to realise their lack of security. The organisations who did not focus on cybersecurity solutions had to pay the price. At the end of the day, if you’re not able to make sure that your customers’ data is secure, there’s no point in anything else. You might be a top-performing organisation, rated one of the best places to work, but when your data gets compromised, it just swallows everything. In turn, many organisations started to realise the importance of cybersecurity and a lot more focus and education was directed at cybersecurity practices.
Now it’s more of a continuous learning process. We need to keep repeating the same thing again and again, so that people understand that it’s not just a technology, it’s their organisation’s stability.
Strong communication between the C-suite is key, particularly when reviewing cybersecurity recommendations and threats. What is the best way for a CIO and CISO to work together efficiently?
An organisation needs a good mechanism to engage with their CISO.
First, define what the basics are for the needs of the organisation. For example, the type of data, the kind of applications and the infrastructure because every organisation is different. Often, other priorities and business needs which need attention take centre stage and the basics get left behind.
Secondly, have regular meetings and discussions. What works for one issue may not work for another. Furthermore, if someone asks if you are safe and secure, the best you can say is, right now we are safe and secure. However, the moment we finish this meeting, something may crop up because we live in a very unprecedented world. New things come up, not just in terms of solutions innovation, but from those who are trying to best exploit systems as well.
Thirdly, feed these discussions upwards towards the CEO and beyond, because it’s important the transparency goes up. How you deal with cybersecurity issues and what kind of impact it has on the business is important to everyone.
How important is collaboration – sharing knowledge, ideas, issues and solutions – between sectors in IT?
It is very important. You come across people who work in healthcare, insurance, banking, manufacturing, automotive, aeronautics, all very different sectors, but often the way they approach data management and cybersecurity practices are similar. Who are we to decide that what we do in our organisation may not be relevant to someone who’s working in another.
Knowledge-sharing and cross-collaboration is important. If it works, you share it; if it’s helpful, you take it. I believe in sharing what you know and trying new things. CISOs across different industries should collaborate more, evolving the industry standards to the next level.
An interesting quote on your LinkedIn read: ‘Leadership is about people, not personal milestone nor money’ – could you speak more to that?
I’ve seen two kinds of leadership. One is where the manager is so obsessed with their personal growth, they only focus on themselves. The other is where the manager values their employees’ professional and personal growth.
People are more important than achievements. Employees tend to stick with an organisation where the leader gives attention, backing, support and motivation to them. However, it’s not just professional, it’s personal as well.
I am a firm believer that people come first and when you take care of your people, organisations thrive and sustain for a long time. Leaders are not here to simply say, you must go by the book. Academic practical brilliance is far superior to academic produce. I have come across many people who are academically very qualified, but when they enter leadership positions, it doesn’t work for them. When you put more focus on other aspects, momentarily, you may gain success, but in the long-run, you’ll be let down.
Do you have any advice for those who are struggling in their current management position to become more effective leaders?
Firstly, define who you are. Figure out what kind of leader you want to be. Today we talk about stress, anxiety and those in manager roles getting fed up. Most of the time we react emotionally to situations around us, because we are human beings. I’m not saying don’t be emotional – instead you need to find a mechanism to regulate yourself.
Secondly, be who you are. Even when you do your job to the best of your ability, you could be mistaken. There could be some preconceived notions around you and people might take your decisions personally. Leaders are burdened with a lot of insecurity today. What if I say this? What if this happens? Don’t compromise yourself too much just for the sake of thinking that. Don’t lose your individuality just because you think someone is going to judge you on something.
Thirdly, be a true professional. Today, you might be working in organisation X, tomorrow, organisation Y and in 10 years, organisation Z. It doesn’t matter, because organisations will keep coming and going – but people are there to stay. How you’ve treated them, how you’ve engaged with them is important. Help people without any expectations.
In any leadership position you are there to do the best for the people in your organisation. The moment you are in that zone, you are a true professional. It allows you to keep growing as a human being, as a professional and as a leader.
