A boot camp run ahead of CyberCon this week aims to build future CISOs’ peer networks and business communication – skills that could help them make the transition into a security executive role.
It’s the second year the RSA Conference CISO Boot Camp has been held in Australia, in conjunction with the Australian Information Security Association (AISA), the organiser of CyberCon.
This year the boot camp’s co-chairs are longtime Thales Australia and New Zealand CISO Ben Doyle and Cyber Resilience Group founding partner and former Endeavour Drinks CISO Grant McKechnie.
Speaking to the iTnews Podcast, Doyle said Australia was the first country outside of the United States in which the boot camp had been run.
It took in about 100 would-be or recently appointed security leaders in 2023 and will do the same this year.
Doyle chaired the inaugural boot camp last year, but has taken on a co-chair this year, in large part to bring different skills and expertise to the table.
“I think the boot camp needs to change year on year in terms of what’s being presented,” Doyle said.
“I’d expect the co-chair this year, Grant McKechnie, will be able to be the chair next year and design the boot camp as he would want it, with the expectation the following year, he brings on a co-chair, which is basically the training of [someone else in] how to run a boot camp.
“That would mean every two years, a new person gets a chance to design it how they want to. This model means we have a strong program that can be sustainable over time.”
Writing on LinkedIn last year, Doyle said his “underlying mission [was] to draw on my long CISO experience and build a day of topics that many new CISOs (especially coming from operations and technical roles) may not readily understand would be pivotal to the success in their careers as a cyber executive.”
He told the iTnews Podcast: “One of the big things I drove last year, and plan to drive very solidly this year is the importance of a strong peer network, which is one of the best capabilities I’ve leant on throughout my career.
“There are some people in the technical space that do have good peer networks, but it’s not the default, because they’re so operationally focused.
“However, especially when you go into that management CISO role, your trusted peer network is your best capability – not only from a threat intelligence perspective, because guess what? The best threat intelligence you’ll get is the stuff you don’t pay for, and you’ll get a lot quicker with more nuance than other things once you build that network out.
“But it’s also what I call ‘group therapy’ sometimes. Because, when you want to talk through your frustrations, at least you have a group of people who potentially understand what you’re going through.
“So that peer network is a key tool that most people don’t realise is going to be so powerful through their career.”
Communication skills development is another area of focus at the boot camp.
“Communicating tech versus communicating business is very different – and you’ve got to communicate to more non-technical people than technical people when you’re at CISO level to be successful,” Doyle said.
“I think the difference is when you’re dealing with tech, it is very logical. It is very black and white.
“But when you get into the executive side, it’s not as black and white, because you’re dealing with all sorts of other side threads that you may not be an expert in, which are a lot more grey potentially and which has a different language in some cases, and it’s very hard to explain potentially what the issue is.
“If you have to lean into legal or public relations, the expectations are very different.”
One of the changes at this year’s boot camp is that security leaders at vendors and managed services providers are included, in addition to those from end-user organisations.
Doyle said this was in part a recognition that these kinds of services are often engaged by smaller companies that may not otherwise be able to employ a full-time CISO but still require those skills in some form.
“Why shouldn’t we be training those [people] in terms of what our behaviours, cultures and values are as a cyber community?” Doyle said.
Doyle said he had become involved in the CISO boot camp because he was personally interested in knowledge-sharing and training the next generation of security leaders.
He has been with Thales in A/NZ, initially as its CSO and then CISO, for a combined 21 years.
“I’ve spent so much time in the community [that] I want to be able to give back,” he said.