
How and why to hire a CISO

Doug Drinkwater | June 6, 2017
If you haven't yet hired a chief information security officer, you're not alone. Here are the considerations for creating the position and making the hire.

Although just two months in, Triant says Clark is already having a positive impact. “Could it have happened two years ago? It could have, but it might not have blended too well,” the CEO adds, citing the firm’s move from Redwood to Austin, Texas.

Others have taken the plunge, even small- to medium-sized businesses. Derek Kramer, CIO at Service King Collision Repairs Centers, hired CISO Anil Varghese last year and has already seen numerous benefits. “Immediately, we were able to enact a plethora of organizational policies that quickly promoted and raised awareness of proactive security programs and practices,” he says.

“This quickly built a more secure environment, and teammates became more aware of best practices related to information security. Additionally, we have built our security staff while partnering with many of the top security companies to ensure we are at the forefront of protecting all consumer and business partner data,” says Kramer.

 

Navigating the recruitment process

The recruitment process for any job is a maze. There are the under-qualified, the over-qualified and the bluffers -- and that’s before you talk about recruitment agencies. The consensus is that businesses should first define what they want in a CISO.

“The old saying goes ‘never go shopping when hungry’,” says Katz. “Figure out what you want. Do you want a technology expert or a security executive? I would say a security executive because they’re going to save you time and money.”

Seranova’s Triant and Clark agree. “Are you looking for a doer, an architect, someone to maintain infrastructure or someone to build some scratch?” asks Triant. “Do more than just wording a job description. Think strategically about how you want the role to be executed, and take time to map it out,” adds Clark.

In the case of Seranova, Triant wanted a strategic leader who could get their hands dirty, too, and Clark’s role now sees him liaise directly with sales teams on products and services as well as set broader security strategies.

This was born out of board approval. “My board gets security. They realized it was going to create more value for the business,” says Triant. The detailed recruitment process took six months.

In the hiring process, Triant went beyond the traditional references and LinkedIn recommendations, taking applicants out for coffee, getting other departments to interview candidates, and finding out whether there is a culture fit.

For Darren Argyle, the newly appointed first-ever CISO at Qantas, businesses should also be prioritizing candidates who go beyond security and understand business. “Beyond the real-world cyber security experience, they should have a firm grasp of finance, leading teams/developing people and be a strong collaborator/stakeholder manager.”

 

The CISO approach to recruitment 

 
