What does it mean to be \u2018business-savvy?\u2019A broad and somewhat vague term, being business-savvy can cover everything from having a formal business education or background to demonstrating a strong understanding of an organization\u2019s mission and industry or being responsible for hands-on business deliverables.When an organization stresses the need for a CISO to be business-savvy, they are looking for someone who is "well rounded and experienced with all aspects of the business,"says Peter Jakola, a technical recruiter at Darwin Recruitment.This focus on business value is understandable in today's corporate environment. According to CIO's recent Pandemic Business Impact Survey, CEOs' top three priorities for IT leaders are Leading digital business initiatives, improving remote work experiences, and upgrading IT and data security to boost corporate resiliency.\u201cSitting in on meetings with developers, sales teams, marketing, customer service will provide a holistic view of the organization and how it\u2019s operating," Jakola says. "Sometimes managers and leaders get siloed into division and lose sight of what is going on at the company. A business-savvy CISO has a pulse on all aspects of the business, not just the security operations.\u201dThis all-encompassing perspective is key because CISOs today are expected to "bring innovation and ideas to the company and explain them in the context of business goals and risks,\u201d says Kelly Doyle, managing directorat\u00a0executive recruiting firm Heller Search Associates.The skills you needGaining an understanding of the business, of course, only gets you so far. It's what you do with that knowledge that sets you apart.\u201cOnce they understand the business, [the business-savvy CISO] possesses the skills needed to craft a strategy and secure buy-in across the business, leadership team and the board to implement the plan,\u201dDoyle says.6 key skills and traitsIn addition to the requisite technology skills, business-savvy CISOs must also:Be conversant in the language of businessPossess advanced leadership skillsHave excellent verbal and written communication skillsBe able to build strong, authentic relationshipsBe influentialHave a deep understanding of risk and the organization's risk tolerance\u201cA business-savvy CISO will understand technology but can explain it to stakeholders in business terms. He or she is someone who is naturally curious about business and knows that understanding the organization fully will make them a more effective CISO. This leader will also be able to communicate with stakeholders and put threats into a business context effectively.\u201dIn terms of personal traits that the CISO should have, self-awareness is among the most important, says Jeff Snyder, president of Jeff Snyder Coaching and SecurityRecruiter.com. That is, \u201cknowing the difference between what one can do and what one should do. Understanding how to adjust one\u2019s communication for the various audiences they encounter. They should have well-developed emotional intelligence." This self-awareness and ability to adjust the message to the audience is key because CIOs will be called on to sell security strategy to business leaders, have in-depth technology discussions with their team, and also inspire employees to recognize and avoid risky behaviors.Show your stuffWhen it comes to the top skills that CISOs should possess, storytelling just may be the most important of all. For the CISO job candidate, storytelling is an excellent way to help a potential employer get to know them quickly. Not only does it enable the CISO to discuss key business and technology topics in the context of the conversation, it also demonstrates the individual\u2019s thought process.\u201cYour ability to craft compelling business stories about your prior experience and showing your true understanding of the business \u2013 not just technology \u2013 is key,\u201d says Doyle. \u201cBe prepared to tell a story about what you did in your last organization. Did you implement a strategy and roadmap and gain board level buy-in? That\u2019s a great story to share. Did you create meaningful metrics to show security\u2019s strategic value? If you were at a company that was shifting to digital, can you speak to how you helped to secure critical data? Even better, if your company recently started selling new digital products, were you involved in product development? Or if you bring specific experience in a highly regulated industry, speak to your experience there.\u201d\u201cBeing able to sell yourself and your skillset to a company is extremely important," says Jakola. "When recruiting for CISO and other executive level roles, companies are looking at hundreds of applicants that all have solid resumes, work experiences, and education backgrounds\u201d\u201cThe way to differentiate yourself from the pack is to provide specific ways you can bring immediate value to the company. Do you have experience working in the same industry? Great, make it a point to tell them. Did you successfully complete a project that you know this company is planning or in the process of working on? Even better. Explain in detail how you oversaw this project, the headcount, budget, and the money saved or revenue generated. Companies want to know that hiring you will bring value to their team, so do not be shy in providing examples on how you provided value for your current and previous employers.\u201dQuite simply, those CISOs who can tell a compelling story about how they bring value to an organization or how they helped manage a key project are the ones that will most likely land the top jobs or will best advance their careers.