Be Comfortable Being Uncomfortable: Managing New Roles and Next Steps
The New CISO - A podcast by Steve Moore - Joi
Categories:
In this episode of The New CISO, Steve is joined by guest Mike Kelley, CISO of the E.W. Scripps Company.Mike worked as an auditor before eventually jumping into cyber security. Reflecting on his past, Mike shares how balancing ambition with transparency is critical to success. Listen to the episode to learn more about Mike’s auditing experience, falling into cyber security, and his advice for CISOs when interviewing.Listen to Steve and Mike discuss how leaders should assist their team with career development and why “fake it until you make it” makes for bad career advice:Meet Mike (1:44)Host Steve Moore introduces our guest today, Mike Kelley.Mike shares his role in the enterprise and consumer-based security field and how his duties differ from those in an internal security environment. Although he would say that consumer-based security is not clearly defined, his goal is to keep all things related to the consumer secure, in addition to the typical CISO goals.His Start (3:36)Before working at E.W. Scripps, Mike worked at KPMG, one of the big four firms. There, Mike performed external audits but also did some compliance consulting as well.Although no one wanted an auditor there, especially to answer his questions, Mike had to work on building a rapport with people in difficult situations. Through this role, Mike was exposed to numerous companies, allowing him to learn constantly. He may not have wanted to start in audits if he could do it all again, but this experience prepared him for his cyber security career.Adapting With Transparency (9:02)Mike has become comfortable with being uncomfortable and transparent when he doesn’t know something. When he got his CISO job, he told HR that this position was new to him and that he had a lot to learn. Being confident enough to say “I don’t know” is Mike’s mental motto because he knows he can adapt to new challenges. Ultimately anything is learnable as long as you push yourself, a mentality he encourages in his team.The Burn the Boats Method (17:42)After reflecting on his career decisions, including telling a company to fire him if he didn’t succeed as a director, Steve presses Mike on how he would react to someone sharing this approach.If one of Mike’s employees wanted to try a position out and see what happens, Mike would like to ease them into that role. He would let them transition through responsibilities first before changing that person’s title. Ultimately, trying and failing is okay, but Mike wants his team to fail soft versus hard.Falling Into Cyber Security (21:42)After looking for cyber security jobs for three years, Mike eased into this field through a position in compliance. Working side-by-side with security professionals, Mike was able to dip his toes.After lunch with his manager, he was offered the CISO role, and Mike immediately said yes. Mike admitted he didn’t know what he was doing but was encouraged to take this job.Rolling With It (25:01)Steve asks Mike if he ever wishes he said no when offered the CISO job. Mike knew this was the field he wanted to pursue, and he felt comfortable being transparent about his experience.Interview Questions (31:18)If you are a new CISO wanting to ask good questions in an interview, Mike suggests asking the purpose of that role at that company. Another helpful question concerns the company’s approach to trying new things and handling challenges.The Definition of Success (34:13)When evaluating a company during an interview, it’s essential to find out what that company’s definition of success is. Mike defines success as being aligned with the business that employs you and being seen beyond the...