What CISOs can learn from Tyrion on Game of Thrones

Get a copy of the upcoming book "Secure Operations Technology"

game of thrones ciso lessonsGame of Thrones is a gripping, global phenomenon. One of the main reasons for its popularity is its nuanced portrayal of characters who are not 100% good or evil.

Over seven seasons, the HBO show has spun a complex web of personas. Some reveal their motivations and fears, often at perilous cost. One of the most engaging characters is the dwarf Tyrion, the youngest member of the feared Lannister house. Over the course of the series, he morphed from a drunk womanizer into the most shrewd and diplomatic character due to his uncanny ability to bend the ear of those in power.

GoT shares incredible parallels with the world of cybersecurity (E.g., The Wall can be likened to perimeter protection, White Walkers are the hackers, the Iron Throne is like the company’s sensitive data, etc.). Carrying this further, Tyrion single-handedly changed the way the White Walkers and their army of the undead fared so far. What can CISOs learn from Tyrion to fight off white walkers – er, hackers — and how can they turn colleagues into allies in the fight, as Tyrion did with Daenerys and Jon Snow? Here are some hard-won lessons CISOs can learn from “the little lion”:

Tyrion’s strengths

Over the series, we learn that Tyrion’s strengths lie in his ability to be empathetic and use people’s motivations to suit his own needs, all while being quick to identify problems (like his treacherous sister and father) and head them off. In regard to the white walkers, he’s one of the first to believe the king of the North, Jon Snow, and is critical in creating an alliance with the show’s other hero, Daenerys Targaryen, mother of dragons.

Tyrion is instrumental in getting the two power players to work together and put their differences aside in order to unite against the white walkers and their undead army. He not only facilitates the initial communication, but lays out the perils of ignoring the larger threat in favor of short-term goals. His diplomacy, pragmatism and penchant for compromise brings together Jon and Daenerys — two clashing personalities who eventually go on to become the most united front against the larger evil. He uses both his strong intellect and diminutive stature to gain the trust of those around him and get them to let down their guard. He uses these strengths to gain access and get things done — exactly what CISOs should be able to do in their own organizations.

What CISOs can do in their organizations to ring the alarm

For CISOs, it can be a bit like herding cats when trying to unite the executive suite, employees and users against hackers. Everyone has different goals, whether it be short-term profits, streamlining user experience, or simply inertia and apathy. CISOs have the unenviable task of leading a team of ragtag warriors (the C-suite) to fight off the white walkers (hackers.)

Here are some things CISOs can do that will help unite the front against their enemies:

Get C-suite buy-in from the beginning. Tyrion used his relationships with the most powerful people in Westeros to unite them in their long-term goal of survival. A CISOs job is very similar. You are fighting for the survival of your organization, and having the C-suite on board from the start to help implement and push through necessary security precautions are vital. Without the big players in the room agreeing on what the overall goal is, no real actions can be taken to stop the hackers.

Show, don’t tell. In the most recent season of the “Game of Thrones,” Tyrion used action, not words, to get his point across. He gathered all the important power players to one arena and showed them an actual member of the undead army to display exactly how real the threat was, shocking all key players into submission (for a time at least). For CISOs, it’s important to use data, past examples, studies — anything at your disposal to show how an investment in the right security solutions can make a difference and help protect your critical data. Showing and not telling can sometimes be the most powerful tool at your disposal.

Know who you’re dealing with. You may work with personalities who understand the significance of your goals (a la Jon Snow), or you could be working with someone who prefers to bury their head in the sand and is more preoccupied with short-term goals (like Cersei). Know which personality you’re dealing with, their motivations, and share how they could lose if nothing is done to stop hackers. Both fear and the likelihood of success are powerful motivators, and it’s the CISO’s job to invoke either in the right situation.

Tyrion can teach us a lot about business through his expert use of communication and diplomacy to bring an organization together to fight against hackers. His quick-thinking and pragmatism are attributes that are highly sought-after in CISOs, because they are often the warning system to a company of what could happen or is happening right now.

CISOs who are frustrated by the lack of a clear pathway or conclusion can remember to heed Tyrion’s lessons of putting pride aside and collaborating with the entire team — even if you don’t entirely agree with them — in order to accomplish your singular goal: keeping the bad guys outside the wall.