As originally published in Cyber Defense eMagazine
Cybersecurity threats constantly weigh on organizations and their CEOs. Protecting data of customers and employees, financials, and intellectual property is a serious task.
“Countless dollars and the company’s reputation are at stake,” said Deborah Page, a CSO-listed security principal who heads the technology executive search practice for The McCormick Group. “Until recently many companies have dumped the task on their IT department/Chief Information Officer. Now CEOs understand they need a dedicated security executive to develop a formal digital and cybersecurity strategy to protect that data. But they don’t know where to start.”
Page stressed the need to be proactive and hire now, rather than reactive, waiting until after there is a breach or IT crisis. Still, creating a new Chief Information Security Officer role and determining who can fill it is uncharted territory for many.
“CEOs and I joke that a CISO does a lot more than remind employees not to use their dog’s name as their password,” Page said. “They need to be a business partner with a holistic approach.”
In addition to technical expertise, soft skills and managerial acumen are critical for success:
- Clearly communicate with the C-Suite and Board to gain support among all key strategic leaders.
- Make a full assessment of current capabilities – and vulnerabilities.
- Architect a cybersecurity strategy that addresses those concerns.
- Execute efficiently as a decision maker. Choices between purchasing products vs services, outsourcing the grunt work vs building an internal team, and balancing assets vs cost are crucial to long-term success.
- Coordinate between senior management, general counsel, and media relations to develop a response plan before a cyber incident happens.
Once there is an outline of what you need a CISO to accomplish, it is easier to define, search for, and evaluate the best candidates.
But it’s not over. Making an enticing offer in a field that’s big on demand and short on talent is another challenge.
“Even after you know what you need and find the person that can do it, there’s still a hurdle to ensure the compensation is fair and accurate based on the marketplace and skillset,” Page said. “The supply/demand favors the candidates, and they know it. I talk to top cyber experts every day. Beyond compensation, they’ll only consider making a move if the hiring company demonstrates they are fully committed and will empower them to get the job done.”
When a CISO steps in with the executive presence to see the big picture and the technical knowledge to execute the details, the burden on the CEO and IT department is eased.
The data is secure.
“As secure as it can be. It’s not like you implement one solution and think you’re set. Cyber threats continue to evolve. Your new CISO will be there to make sure defense and response capabilities evolve too,” Page concluded.
Deborah Page can be reached at dpage@tmg-dc.com for a conversation on how to plan your CISO search.