Trends and Underlying Challenges for CISOs, Aspiring Security Leaders and Executive Recruiters

What is a Best Practice, and Should You Deploy Them?

Kudelski Security released a new report, “Cyber Business Executive Research: Building the Future of Security Leadership,” that provides exclusive insights and actionable recommendations to help organizations address the biggest challenge they face – recruiting, retaining and developing the next generation of security leaders. The report was developed in conjunction with Kudelski Security’s Client Advisory Council (CAC), a cybersecurity think tank comprised of information security leaders from global enterprises.

The report identifies several trends underlying the challenge of finding and keeping qualified Chief Information Security Officers (CISOs) and their direct reports – a challenge exacerbated by the new remote work environment. For example, effective CISOs should have a 50/50 balance of technical and soft skills like communication, relationship building,and executive presence but the report found this talent mix to be extremely rare. CISOs will be required to have those soft skills to effectively navigate a new business model likely to feature remote work even after the current crisis subsides.

“Now more than ever, global businesses need to understand the evolving CISO role to both stay ahead of threats and be competitive,” said Andrew Howard, CEO, Kudelski Security. “We strongly believe that the cybersecurity industry can benefit from the shared experiences of proven leaders. Our Client Advisory Council members have provided invaluable insights for our clients, and we’re pleased to be able to offer them to the broader security community.”

“Given the current challenges we face, CISOs and CSOs need to work both internally and externally to build a pipeline of new security leaders,” said Michael Zachman, CSO, Zebra Technologies and one of the contributing Council members. “Regardless of how you choose to staff teams, it is important to identify employees with institutional knowledge, communication skills, and some ambition for career growth who can become security leaders with the right training and mentorship.”

The report offers practical advice and insights specific to three key players – CISOs, aspiring security leaders and executive recruiters. Key findings for each group include the following:

CISOs: In light of growing responsibilities under their purview, CISOs should embed cybersecurity into roles that do not normally include it so that maintaining and growing cyber resilience becomes an organization-wide responsibility. In terms of key CISO skills, 82 percent of those interviewed say communications skills are critical versus just 52 percent who believe hands-on experience in technologies is critical.
Aspiring Security Leaders: Anyone aspiring to become a CISO should establish a following in the industry. Efforts to build reputations should be consistent and deliberate, including increasing visibility in social media. Though the highest percentage of respondents (29 percent) say governance, risk and compliance positions are the best pre-CISO role, there are a wider range of roles that can also lead to a CISO position, which the report explores in depth.
Executive Recruiters: Across the board, the CISOs interviewed advise recruiters not to restrict searches to their own industry, particularly if the industry lags behind when it comes to cybersecurity. Given the amount of time it takes to recruit a CISO – an average of 6-12 months according to nearly half of respondents in the US and to 92 percent of respondents in the Europe – executive recruiters should employ a Virtual CISO (vCISO) in the interim. To mitigate risks associated with high CISO turnover and compensation, recruiters should also think more broadly when it comes to recruitment, nurturing a talent pipeline that starts with places like universities, technical schools, and the military.

In addition to Kudelski Security’s Client Advisory Council (CAC) members, the report leverages interviews and surveys conducted last year with more than 110 CISOs in the U.S. and Europe from leading global organizations. The CAC provides insights and guidance on solutions Kudelski Security delivers to their clients. Members comprise C-level and VP-level security leaders from companies including Aaron’s, Inc., AES Corporation, BKW, Blue Cross Blue Shield, BNP Paribas, Capital One, Technicolor, Urenco and Zebra Technologies.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?