In World War I, the space between the most-forward trenches in a battle was called No Man’s Land – a place you didn’t want to be.
I learned it as a tennis term. In tennis, you want to play at the net or behind the baseline. The middle of the court is where the ball bounces. You can’t play from there because it’s hard to hit balls that are bouncing at your feet, thus No Man’s Land.
I see a lot of companies trying to play from the middle of the court when going through the process of selecting a security leader. It doesn’t have to be this way. A good dose of honest evaluation in a few key areas makes for a positive foundation to hire the right person to secure your company, employees and clients.
Arm yourself with consensus and understanding in the following three areas to avoid falling into No Man’s Land.
1. Determine your real risk tolerance.
At its root, hiring a security leader is a philosophical exercise. You start at 10,000 feet and work your way down to the details. On a scale of 1-10, how secure do you want your company to be? There’s not a right or wrong answer. Where companies get into trouble is when they’re at a 5 and try to hire a security leader whose expectation is an 8, or vice versa.
Some key questions to ask are: What do you want your security leader to oversee? Is it just operations, or does it include risk management, governance, legal, and identity access management? Does your budget allow you to succeed in achieving your goals for security? How much do you want in-house versus working with a Managed Security Services Provider?
2. Confront the immovable wall of the executive payment
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/security-leader-no-mans-land/