Cyverity

What Rattles Around in the Mind of Your CISO?

Speaker: Russell Eubanks

Event: Wild West Hackin’ Fest

Date: October 7, 2022 

YouTube Link: https://www.youtube.com/watch?v=1HsfjvwaSbI  

  

Introduction 

Russell Eubanks began his career working manual labor in a factory—a physically demanding environment. Seeking more, he pursued education through courses offered by his employer and transitioned to cybersecurity. Over the years, he climbed the professional ladder to hold titles such as Senior Vice President, CIO, and CISO of the Federal Reserve Bank of Atlanta. 

This talk aims to provide insight into the mindset of a CISO: how they lead, think, and strategize to balance technical responsibilities with business objectives. 

 

Key Lessons

1. Get Wisdom as Cheaply as You Can

Russell’s first piece of advice is to avoid learning lessons the hard way by gaining wisdom through others’ experiences. He encourages: 

  • Networking: Attend events like Wild West Hackin’ Fest to connect with peers and learn from shared experiences. 
  • Mentorship: Seek out advice from others who have navigated similar challenges. 
  • Continuous Learning: Stay curious and humble to absorb lessons without repeating mistakes.

2. Manage Up

Russell emphasizes the importance of communicating effectively with leadership. While he dislikes the term “manage up,” he acknowledges its necessity in ensuring leaders understand: 

  • The team’s goals and challenges. 
  • The connection between cybersecurity initiatives and business objectives. 
  • Risks and opportunities in terms leaders can relate to (e.g., financial impacts, regulatory compliance).

Key Strategies: 

  • Learn the “language of business” to frame cybersecurity in terms of organizational goals. 
  • Simplify technical information into actionable insights for decision-makers. 
  • Use visual aids (charts, graphs) to make risks and achievements more digestible.

3. Understand the Mission

Every organization exists for a purpose beyond cybersecurity. For example, Nordstrom’s mission is to “provide the most compelling shopping experience possible.” 

Takeaway: Cybersecurity should align with and support the organization’s mission. Every task—from analyzing logs to responding to incidents—should ultimately serve that mission. 

 

4. Lead Down

Effective CISOs must engage and support their teams by: 

  • Understanding Their Perspective: Recognize challenges faced by individual contributors and managers. 
  • Succession Planning: Identify and mentor future leaders to ensure continuity. 
  • Clear Communication: Ensure the team understands strategic goals and how their work contributes to broader objectives. 

Russell highlights the importance of asking key questions to gauge operational readiness, such as, “How long can you stand to not know if the running configuration on a production firewall has changed?” 

 

5. Build Peer Relationships

CISOs must collaborate laterally with other departments, such as: 

  • Finance: To secure budgets and justify investments. 
  • Operations: To integrate cybersecurity into daily workflows. 
  • Facilities & Physical Security: To align on broader risk management goals. 

By fostering these relationships, cybersecurity becomes more relevant and actionable across the organization. 

Actionable Steps: 

  • Attend departmental meetings to understand their priorities. 
  • Simplify cybersecurity guidance into actionable items for non-technical staff. 
  • Promote accountability with clear expectations for incident reporting (e.g., “When you see something, say something”).

6. Hold Yourself Accountable

Russell’s personal practice is to identify three things each day that only he could do.  

This daily self-assessment ensured: 

  • High-priority tasks were addressed. 
  • He maximized his unique value to the organization. 
  • He maintained focus on strategic objectives. 

 

Personal Reflections 

The Decision to Leave the Fed 

On March 9th, 2020, just days before the global pandemic reshaped the world, Russell decided to leave his role at the Federal Reserve Bank of Atlanta. His decision was rooted in a desire to: 

  • Transition from a corporate role to entrepreneurship. 
  • Help multiple organizations achieve cybersecurity excellence. 
  • Apply the lessons he’d learned in new and impactful ways. 

 

Highlights of His Career 

Russell’s proudest moment at the Fed wasn’t his promotions but rather the opportunity to mentor and promote a colleague to succeed him as CISO. 

 

Wisdom for Aspiring Leaders

1. Be Intentional About Time

Russell advises conducting a “calendar audit” every quarter: 

  • Identify recurring tasks and meetings that no longer align with priorities. 
  • Remove or delegate non-essential commitments. 

2. Create a Culture of Service

Borrowing lessons from Ritz-Carlton and Chick-fil-A, Russell underscores the value of exceptional service: 

  • Empower your team to solve problems proactively. 
  • Shift language from “us vs. them” to “we” when addressing other departments. 
  • Build trust by consistently delivering value. 

3. Embrace the Mission

Tie every cybersecurity initiative back to the organization’s mission. This alignment fosters: 

  • Greater buy-in from stakeholders. 
  • A shared sense of purpose among teams. 
  • Improved clarity in decision-making. 

 

Closing Thoughts 

Cybersecurity leaders must: 

  • Manage up, down, and across the organization. 
  • Speak the language of business to secure resources and align priorities. 
  • Foster a culture of service and collaboration. 

By focusing on these principles, CISOs can transform cybersecurity from a cost center into a strategic asset that propels organizations forward. 

Final Advice: “Get wisdom as cheaply as you can.” Learn from others, adapt, and grow—because the challenges and opportunities in cybersecurity are too important to navigate alone.