I have to apply those guidelines to my own use of social media. I am very careful about what I will disclose online. There is never any mention of my family. In fact, I actually don't have any family members on my Facebook page. This is a personal safety issue. If I'm putting myself out there, I feel there needs to be a line between public and private life. And I'm a tech geek; I would like to do a lot more with it than what I actually do.

As part of my training in my first accounts receivable organization, I was told that I needed to understand every working part of the business to understand my role in it. So they made me train in every aspect of the business: The mail room, collections floor, posting, finance, IT staff, reception. I worked in every functioning role. It's humbling. And valuable. It raises awareness of what your role is in the organization--manager or director, IT or IT admin. Too often, we get caught in our silos and forget what the big picture is.

Earlier in my career, I had concentrated too much energy on regulatory compliance and audit control. Yes, it is a driving role for a CSO to ensure regulatory compliance and that the audit is passed and is running smoothly, but that is not the real and whole world of security. I had to learn to prioritize risk and communicate that need to my peers and ensure that those priorities are not dictated by audits. It's a mistake to become a checklist CSO, rather than being focused on the real role, which is to focus on the risk to the organization.