[BreachExchange] The Many Roles of the CISO as Viewed as ‘Star Trek’ Characters

Destry Winant destry at riskbasedsecurity.com
Thu Aug 29 01:14:13 EDT 2019


With the upcoming release of the latest “Star Trek” series, “Star
Trek: Picard,” we’ve been reflecting on the many characters that
graced the screen during the hit prequel series, “Star Trek: The Next
Generation.” Looking back at the most central characters, each brought
their own unique set of skills and expertise to the Enterprise. This
range of capabilities mimics the multifaceted role of today’s chief
information security officer (CISO).

Digging a bit deeper reveals several real-world lessons that security
leaders can apply to their daily lives. There are two exceptions to
this exercise. The first is Dr. Beverly Crusher, since her character
was primarily focused on the well-being of the humanoid crew, one of
the few tasks that hasn’t yet been assigned to the CISO. The other is
the legendary Captain Picard himself, because CISOs aren’t yet
captaining the ship.

You may not be able to pilot a starship quite yet, but the examples of
these other beloved Star Trek characters could help you figure out how
to become a CISO with the right blend of talents to navigate beyond
the known cyber universe.

Lt. Worf — Prepare Your Incident Response

It’s easy to see how the role of CISO parallels that of Lt. Worf.
Standing at the ready, Worf monitors dashboards and long-range sensors
for indications of potential trouble ahead. The CISO, much like Worf,
needs to be on top of the enterprise’s defenses and sensors. As the
saying goes, use peacetime wisely, which Worf puts to good use when he
runs regular scans and tests of the ship’s incident response systems.

Should a response be required, Worf uses clear and direct language to
communicate with the rest of the bridge’s leadership about their
options and the result of their actions, similar to how a CISO should
act during a security incident. Worf’s presence on the bridge might
have been questioned at first — after all, why would someone from a
planet far away from Earth’s known business universe be given a
permanent post on the bridge? — but his sharp analytical skills and
ability to direct effective countermeasures has saved the ship more
than once.

Advice for security leaders: Channel your inner warrior and prepare
for anything, but realize that sometimes, the best response is a
diplomatic one, not a military one. Work on empathy and communication

Lt. Cmdr. Geordi La Forge — Ensure Business Technology Is Resilient

Organizations today are nearly completely reliant on the proper
functioning of technology. Think about it: Could your organization do
business without networks and computer systems? Ships like the
Enterprise also depend on technology to accomplish their mission
objectives — in fact, the Enterprise is a model of the integration of
IT and OT — but someone has to keep an eye on all that technology.

That’s where Lt. Cmdr. Geordi La Forge shines for his ability to
provide deep insights into the ship’s systems. Geordi has the
technical chops and the scientific mindset required to get to the root
cause of issues. Whether it’s a broken warp-core reactor,
malfunctioning dilithium crystals or strange electromagnetic signals,
Geordi analyzes, repairs and tests the ship’s systems to ensure it’s
capable of carrying out mission objectives and is resilient enough to
withstand whatever it will encounter on the way.

While an increasing number of CISOs have left their technical roots
behind — or came from an ever-increasing array of other fields — the
ability to get to the bottom of issues is key, and so is the ability
to translate deeply technical concepts into metaphors that leadership
will be able to grasp.

Advice for security leaders: Use your skill set to shed light on
things that are of strategic importance, but are hard for others to
comprehend. Realize that even a small misalignment can have dramatic
consequences, so develop tools to check configurations and improve
visibility into the health of key systems.

Lt. Cmdr. Data — Connect the Security Dots

The show simply wouldn’t have been the same without the peculiar, yet
fascinating character of Data. Not only was Data extremely good at
interfacing with computers and all things electronic, but his
positronic brain also allowed him to deal with the vast quantities of
information coming across the ship’s sensor network and avoid getting
distracted by more trivial matters.

For all of Lt. Cmdr. Data’s limitations stemming from his nonhuman
nature, his ability to think differently and consider all angles has
saved the Enterprise many times. Of course, he worked hard to improve
his ability to read the subtext of human behaviors, which helped him
improve his interactions with the rest of the crew, especially

Advice for security leaders: Tap into your strengths to help identify
and connect the dots that matter in this increasingly connected
digital world. Work through the awkward moments to achieve better

Counselor Deanna Troi — Tap Into Your People Skills

One of the more human-centered characters on the show, Counselor
Deanna Troi spent her time probing and resolving intellectual and
emotional misalignment of her fellow executives. Counselor Troi’s key
skills are obvious, especially in contrast to the rest of the
Enterprise’s leadership: empathy, communication, negotiation,

Without her ability to communicate between silos, negotiate acceptable
paths forward, and use empathy to help others feel at ease and
listened to, the Enterprise would have met a dire fate more than once.
While other leaders on the ship sought to solve technical, scientific
and tactical issues, Counselor Troi employed a human-centered approach
to achieving resolution.

Advice for security leaders: Tap into your people skills to observe,
listen and communicate. Be ready to listen before offering solutions,
and to negotiate when security and privacy problems appear. Remember
that you’re on a team, and together you can find a way ahead.

Cmdr. William Riker, aka No. 1 — Act as a Trusted Adviser

Wherever the captain was, you were also likely to find his No. 1,
Cmdr. Will Riker. Although Riker’s role was often to carry out Captain
Picard’s directives, he also acted in an advisory capacity, even if
only as a sounding board for the captain. For many CISOs, being a
strategist and an adviser means walking in No. 1’s shoes, being right
there with the rest of leadership, helping them reason out the risk
implications of their choices, advising them on alternatives, and yes,
often just simply carrying out their wishes.

Advice for security leaders: Work to find your place on the leadership
team. Remember that sometimes, you may start out as a strategist and
trusted adviser before assuming more responsibility.

Enterprise Computer — The Voice of Reason?

Admit it: If you were asked to name the characters on the Enterprise,
few of you would have mentioned the Enterprise Computer. Yet the
enterprise’s computer was both the voice and the ears of the ship.
There were few places on the ship where you would not have been within
shouting distance of the ship’s computer. Similarly, it was always
there when you needed it, whether it was responding to a simple query
about the weather, how far to our destination given our current speed
or, in the heat of battle, just how much shield percentage was left.

If you had a question, the ship’s computer was always there ready to
answer. But the ship’s computer was also always listening, always
aware of happenings up and down the command chain and always ready to
provide the latest status of key risk and performance indicators.

It’s this ability to have an “ear to the ground” that serves CISOs
well today. A CISO in the dark means an organization in the dark. For
CISOs, cultivating the ability to listen and be in the know is a
critical skill as the pace of change continues to speed up. Waiting
for the next monthly executive meeting or the next quarterly board
update simply isn’t wise when the ship is moving at the speed of

Advice for security leaders: Much like the ship’s computer, be
present, be in the know and be ready to help.

The CISO as the Perfect Blend of Star Trek Characters

As life imitates art, organizations today are embarking on a digital
transformation journey that is likely to take them far from the known
cyber universe. Much like the Starship Enterprise, organizations must
rely on a broad range of tools and talent to accomplish their mission
and live another day.

As our world is increasingly dependent on IT, OT and data, CISOs are
key to helping the captain steer the ship toward the solar winds of
profit while avoiding the plethora of environmental obstacles and
sentient attacks that seem to appear around every corner.

More information about the BreachExchange mailing list