The panel, which included Sandra Gobert (Executive Director at Guberna), Ronny Depoortere (President at Zetes People-ID Division), Marie-France De Pover (General Manager at KBC Group Compliance), Karine Goris (Chief Security Officer at Belfius) and Dirk Lybaert (Secretary General at Proximus), was moderated by Marc Vael (President at SAI vzw).
One of the most pressing challenges in the ever-evolving cyber security landscape is the search for effective leadership. The increase in cyber threats has dramatically heightened the strategic importance of cyber security. As a result, today’s cyber security leaders must possess an impressive range of diverse skills and qualities.
“Chief Impossible Skillset Officer”
“A CISO must first and foremost be able to convey technical information to the board, a group that does not share the same technical background. It’s difficult but certainly achievable,” said Dirk Lybaert. “A Guberna survey confirms that there are still significant gaps in technical knowledge within most boardrooms. Thus, the crucial task is ‘translation’,” added Sandra Gobert.
Considering the substantial gap between these two worlds, the panellists agreed that communication skills are now fundamental to the CISO role. “Anyone in this position must be able to inspire. This is the only way to ensure security truly becomes embedded in the organisation’s DNA, which is absolutely essential for success,” Ronny Depoortere clarified.
In addition, technical knowledge and communication must be complemented by a deep understanding of how a business operates along the entire value chain. Furthermore, a CISO must be committed to learning, including keeping up to date with the latest innovations and regulatory developments. “When you add in that a CISO must be available 24/7, it’s clear that this is a hell of a job,” Dirk Lybaert remarked. Gobert laughingly agreed: “‘CISO’ today could stand for Chief Impossible Skillset Officer.”
Compliance today and tomorrow
This sentiment reflects the high expectations for cyber security leaders, who must juggle broad responsibilities. As the discussion shifted to compliance, it became clear that regulatory guidance is another key aspect of the CISO role. “The CISO must ensure that the company meets its objectives while conforming with the applicable laws and regulations,” Marie-France De Pover explained. “There is a complex web of requirements, often riddled with contradictions.”
“A company claiming to be ‘fully compliant’ with all regulations is simply not telling the truth,” Dirk Lybaert stated candidly. “Many regulatory initiatives contradict each other.” He stressed that making steady progress in compliance is what grants companies their license to operate. It’s a practical approach that reflects the importance of conformity in ensuring long-term business viability.
At the same time, the panel agreed that compliance should be paired with a robust cyber security culture, grounded in resilience. This culture should extend through every layer of the organisation, ensuring that employees at all levels are ready to respond to incidents. “Incidents will inevitably happen, and everyone in the company needs to be involved in the response,” Ronny Depoortere emphasised.
A crucial element in this process is internal testing – such as simulated phishing emails – to identify vulnerable employees. Those who fall for the tests may require additional attention and training, reinforcing the idea that cyber security is not just a technical issue but a company-wide responsibility.
The panel concluded by stressing the expanding role of the CISO as a leader with deep technical knowledge as well as top skills in communication, compliance and cultivating a cyber security culture. The expectations are vast, but as the panellists made clear, these multifaceted demands are essential to safeguarding organisations in an increasingly digital and threat-filled world.
In the picture: panellist Karine Goris, Director of the Cyber Security Coalition