Life as a CFALAHRFI
As we finish off this year, I thought I’d share some personal thoughts on what life as a CFALAHRFI* is all about. Hopefully, some of these might make you think a little differently, and maybe even smile, as we navigate this increasingly complex world as cybersecurity practitioners. Here we go:
1. The CFALAHRFI job is not (exclusively, or even mostly) about chasing the bad guys. You wished.
2. Deliver, yes, deliver. But managing senior stakeholders (regulators, board, business leaders) is your (other) main job. Over-communicate. Work systematically on feeding the formal channels but actively develop the informal ones. Bring people along. Remember you have zero (or very little) power. Your success relies 100% on other functions delivering.
3. As you focus on managing sideways, upwards, and out, get the best team you can afford to run your factory. As a rule, at least 50% of them should be better than you and, eventually, replace you. Keep them happy, stretch them, pay them well and make sure they have a life outside work.
4. Technology. Less is more. Simplification and ruthless consolidation are key. Learn to let go of the latest 10-20% most advanced features. Be careful if you attend RSA; you might fall into temptation.
5. Security is not a dark art. It’s a very systematic, data-driven, even repetitive, craft.
6. Metrics are your friend. Metric to death, it helps you focus the energy and keeps everyone informed and, sometimes, even happy.
7. Only 3 things can ‘kill’ you in this line of work: 1. A breach 2. Stress 3. Boredom. Keep them in mind and work actively to avoid all 3. Take your work seriously, but don’t take yourself too seriously.
8. Avoid the mental trap of thinking that, “as a CFALAHRFI, at most, you can draw the game, but you can never win it”. There are multiple ways this job can be rewarding. Even in the short term.
9. Balance. Judgement calls. You probably don’t want to be the CISO of the safest, slowest bank in the world. Frictionless security.
10. Know when to go and plan for it. If "3" is true, you owe this to your team.
As always, happy to hear more views (and also tips!) on surviving, thriving and making a positive impact in this space in the New Year!
#Cybersecurity #Team #Culture #PeopleMatter
*CISO For A Large And Highly Regulated Financial Institution.
Head of Information and Cyber Security EMEA at Vanguard | Risk Management Expert
1y This is so true and great advice to the wider Cyber community
CIO - OTR / Viva Energy Retail
1y Good thoughts Alvaro Garrido. Thanks for sharing.
Great post 👍🙏
CISO - Data Engineering at BBVA
1y Hey Álvaro, good food also helps - cochinillo, Segovia… ring any bells?
Executive Director & Head, ICS (Info & Cyber Security) Risk Management, Business, Markets, Functions & TSRA (Threat Scenario-led Risk Assessment) at Standard Chartered Bank
1y Very insightful Alvaro. You have articulated the importance of a great team so well, "Keep them happy, stretch them, pay them well and make sure they have a life outside work", love it. 😁