Andesite’s Chief Product Officer, William MacMillan, wrote an article for Security Management magazine about the lessons on change management that he learned as the CIA CISO.
“Organizational change management is inherently anxiety provoking. Focus that change management effort on cybersecurity and you’ve made a stressful, complicated task even more fraught… When you avoid the typical traps, build alignment, and act with conviction and consistency, success is possible. That was the situation I found myself in at the U.S. Central Intelligence Agency (CIA) in the early 2020s. These are the lessons drawn from that daunting but ultimately successful effort.”
“In many organizations, business leaders feel that cybersecurity is a drag on their productivity, and cybersecurity practitioners think that business leaders “don’t get it.” It doesn’t have to be this way. There are principles that can help leaders achieve alignment between cybersecurity and the organizational mission.
“A fundamental principle that should guide alignment is that cybersecurity risk and operational risk are indivisible. If this principle is violated, alignment is impossible.”