Our study "From enforcer to influencer: Shaping tomorrow's security team" defines the most important recommendations for chief information security officers. Chief information security officers not only have to manage cyber risks, they also have to think about the success of the company. This can be achieved, among other things, through good communication with other decision-makers as well as through political skills and the willingness to take a pragmatic and goal-oriented approach.