While many researchers have investigated soft skills for different roles related to business, engineering, healthcare and others, the soft skills needed by the chief information security officer (CISO) in a leadership position are not studied in-depth. This paper describes a first study aimed at filling this gap.
In this multimethod research, both the business leaders perspective as well as an analysis of CISO job ads is studied. The methodology used to capture the business leaders perspective is via a Delphi study and the jobs adds are studied using a quantitative content analysis.
With an increasing threat to information security for companies, the CISO role is moving from a technical role to an executive role. This executive function is responsible for information security across all layers of an organisation. To ensure compliance with the security policy among different groups within the company, such as employees, the board, and the IT department, the CISO must be able to adopt different postures. Soft skills are thus required to be able to assume this leadership role in the organisation.
We found that when business leaders were asked about the most important soft skills the top three consisted out of 'communication', ‘leadership’ and 'interpersonal' skills while 'courtesy' was last on the list for a CISO leadership role.
