Trends and Underlying Challenges for CISOs, Aspiring Security Leaders and Executive Recruiters

What is a Best Practice, and Should You Deploy Them?

May 14, 2020

Kudelski Security released a new report, “Cyber Business Executive Research: Building the Future of Security Leadership,” that provides exclusive insights and actionable recommendations to help organizations address the biggest challenge they face – recruiting, retaining and developing the next generation of security leaders. The report was developed in conjunction with Kudelski Security’s Client Advisory Council (CAC), a cybersecurity think tank comprised of information security leaders from global enterprises.

The report identifies several trends underlying the challenge of finding and keeping qualified Chief Information Security Officers (CISOs) and their direct reports – a challenge exacerbated by the new remote work environment. For example, effective CISOs should have a 50/50 balance of technical and soft skills like communication, relationship building,and executive presence but the report found this talent mix to be extremely rare. CISOs will be required to have those soft skills to effectively navigate a new business model likely to feature remote work even after the current crisis subsides.

“Now more than ever, global businesses need to understand the evolving CISO role to both stay ahead of threats and be competitive,” said Andrew Howard, CEO, Kudelski Security. “We strongly believe that the cybersecurity industry can benefit from the shared experiences of proven leaders. Our Client Advisory Council members have provided invaluable insights for our clients, and we’re pleased to be able to offer them to the broader security community.”

“Given the current challenges we face, CISOs and CSOs need to work both internally and externally to build a pipeline of new security leaders,” said Michael Zachman, CSO, Zebra Technologies and one of the contributing Council members. “Regardless of how you choose to staff teams, it is important to identify employees with institutional knowledge, communication skills, and some ambition for career growth who can become security leaders with the right training and mentorship.”

The report offers practical advice and insights specific to three key players – CISOs, aspiring security leaders and executive recruiters. Key findings for each group include the following:

CISOs: In light of growing responsibilities under their purview, CISOs should embed cybersecurity into roles that do not normally include it so that maintaining and growing cyber resilience becomes an organization-wide responsibility. In terms of key CISO skills, 82 percent of those interviewed say communications skills are critical versus just 52 percent who believe hands-on experience in technologies is critical.
Aspiring Security Leaders: Anyone aspiring to become a CISO should establish a following in the industry. Efforts to build reputations should be consistent and deliberate, including increasing visibility in social media. Though the highest percentage of respondents (29 percent) say governance, risk and compliance positions are the best pre-CISO role, there are a wider range of roles that can also lead to a CISO position, which the report explores in depth.
Executive Recruiters: Across the board, the CISOs interviewed advise recruiters not to restrict searches to their own industry, particularly if the industry lags behind when it comes to cybersecurity. Given the amount of time it takes to recruit a CISO – an average of 6-12 months according to nearly half of respondents in the US and to 92 percent of respondents in the Europe – executive recruiters should employ a Virtual CISO (vCISO) in the interim. To mitigate risks associated with high CISO turnover and compensation, recruiters should also think more broadly when it comes to recruitment, nurturing a talent pipeline that starts with places like universities, technical schools, and the military.

In addition to Kudelski Security’s Client Advisory Council (CAC) members, the report leverages interviews and surveys conducted last year with more than 110 CISOs in the U.S. and Europe from leading global organizations. The CAC provides insights and guidance on solutions Kudelski Security delivers to their clients. Members comprise C-level and VP-level security leaders from companies including Aaron’s, Inc., AES Corporation, BKW, Blue Cross Blue Shield, BNP Paribas, Capital One, Technicolor, Urenco and Zebra Technologies.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Trends and Underlying Challenges for CISOs, Aspiring Security Leaders and Executive Recruiters

Related Articles

Related Events

Report Abusive Comment