Recruiting and Retaining Security Leadership Rests on Deepening Your Bench

By | Managed Services News

May 13

Here are tips on recruiting and retaining CISOs.

Recruiting and retaining qualified CISOs and their lieutenants is challenging in the best of times. It’s even more difficult during a pandemic when the new work-from-home environment often impedes work relationships and dampens company loyalties.

A new report by Kudelski Security and its Client Advisory Council (CAC), a cybersecurity think tank, illuminates several skills to help identify prime new recruits or to develop in existing personnel to build and deepen the successor bench.

Among the report’s top findings:

  • CISOs should have a 50/50 balance of technical and soft skills like communication, relationship building and executive presence. But the report found this talent mix to be extremely rare.
  • In terms of key CISO skills, 82% of those interviewed say communications skills are critical. That compares to just 52% who believe hands-on technology experience is critical.
  • The highest percentage of respondents (29%) say governance, risk and compliance positions are the best pre-CISO role. But the report lists a wide range of previous jobs that can also lead to a CISO position.

To gain these insights, the researchers said they surveyed C-level and VP-level security leaders from companies. Those include Aaron’s, AES Corp., BKW, Blue Cross Blue Shield, BNP Paribas, Capital One, Technicolor, Urenco and Zebra Technologies.

Michael Zachman is CSO, Zebra Technologies, and one of the contributing Council members.

Zebra Technologies' Michael Zachman

Zebra Technologies’ Michael Zachman

“Given the current challenges we face, CISOs and CSOs need to work both internally and externally to build a pipeline of new security leaders,” said Zachman.

While today’s pandemic environment might make recruiting and retaining security talent more challenging, it’s also making more trainable talent available.

Dismal Employment Numbers

According to Janco Associates, a management consulting firm, COVID-19 cost 102,300 IT pros their jobs in April alone.

“IT pros who do not have a job are finding it difficult to even find contract work,” said Victor Janulaitis, CEO of Janco.

Janco's Victor Janulaitis

Janco’s Victor Janulaitis

“Many companies are directing IT functions to facilitate the support of non-IT professionals with new and enhanced internet driven applications for telecommuters,” Janulaitis added. “The demand for contractor help in this effort was high initially, but now is nonexistent. All of this has put IT professionals the same state as the rest of the labor market.”

Companies can look to that pool of workers to develop more security talent, as IT professionals have experience in both technical and security work.

But this available talent pool will shrink some too. Janco predicts IT hiring will resume by the end of the year, but has cut its forecast for overall IT job market growth to just over 40,000 for 2020.

“Regardless of how you choose to staff teams, it is important to identify employees with institutional knowledge, communication skills and some ambition for career growth who can become security leaders with the right training and mentorship,” said Zachman.

About the Author

>