A great CISO can embrace innovation and new business goals, but at the same time, knows how to create awareness about security risks, says Luisella ten Pierik, CISO of regional grid operator for electricity and gas Stedin and manager of their CIO Office. Luisella is the vice chair and secretary of the CISO Platform’s board.
“Becoming the CISO of Stedin wasn’t the most logical career path for me. After having studied Chemistry, I discovered my interest in IT and moved on to become an SAP Security Consultant. However, after speaking to my colleagues in Information Security, I was drawn in by their passion and excitement for the topic.”
In the years that followed, Luisella was able to gain experience in the information security world through education, on-the-job training, and hands-on learning. She has now created a proactive security policy, built a security team with twenty employees, and initiated a cyber defense center with 24/7 monitoring, all with a focus on both the IT and OT domains.
“When you get to that point where people actually understand what you’re talking about, and why information security is so important – that’s where my job becomes fun.”
“The best part of my role is the balance between making new, innovative things possible, while at the same time managing risks,” Luisella says. “I see my role as an enabling one: how can I make sure that the organization can expand and improve, but ensure that this happens in a secure and resilient way? I always aim to engage in conversations with my colleagues. When you get to that point where people actually understand what you’re talking about, and why it is important – that’s where my job becomes fun.”
Embracing innovation
Innovation can never be stopped, Luisella argues. The CISOs that resist change, or try to hold things back in an organization, are the ones that will be easily burnt out. “You’re not there to make everything completely secure. You’re there to find the right balance between opportunities and risks. Once you find that mindset and can move along with the organization and its changes, your role will be a lot less lonely.”
“Telling people what to do never works. Instead, let people think for themselves and take on the role of connector.”
It’s not worth fighting things that cannot be stopped, she adds. “Think about AI: changes are going to happen anyway. You’re going to have to embrace it, but at the same time, make sure people become aware of the downsides if we don’t deal with it properly.” It’s about starting the conversation in the organization, Luisella notes. “We should be asking them: what’s the best way to act? Telling people what to do never works. Instead, let people think for themselves and take on the role of connector. By appealing to your colleagues’ knowledge and abilities, you will empower them.”
The strongest link
The security world is often wrongly labeled as a man’s world, Luisella says. “It’s definitely not a man’s world. We just happen to have a lot of men working in the sector at the moment. If we keep calling this a man’s world, we relinquish ownership to men. Instead, it belongs to all of us. What symbolizes the security world is the passion and the knowledge that people in the field have and want to share: this fosters a culture of inclusivity.”
“If we keep calling this a man’s world, we relinquish ownership to men. Instead, it belongs to all of us.”
This idea of sharing knowledge is extended in Luisella’s way of leadership. “The people in the organization are the strongest link. As CISO, I want to make sure I enable them to do the best job they can, because that will benefit the organization as a whole.”
The CISO community
The CISO community is the place for Luisella to get in touch with other CISOs. “A CISO is not a cyber hero that knows everything, a CISO is just a human being with doubts and insecurities. I see this community as a place where we can be vulnerable because we’re with colleagues who have experienced the same things. Together, we can have discussions, solve problems – or maybe just vent frustrations. That’s where the power of the platform lies.”