Some Dos and Don’ts for Hiring Your Security Leader
I’m an executive-level security headhunter. That means I spend a lot of my week doing two things: talking to CISOs or those people ready to be CISOs and consulting with companies that are in the market for a security leader.
In my experience, companies looking for a security leader fall into three categories. The first consists of companies that know their risk tolerance and have a clear idea of what they want their security program to accomplish. In the second are companies that think they know but are a little unsure and need an interview process with different levels of candidates to help make a decision. The third is made up of companies that are spooked by the breach headlines and aren’t sure what they need, but know they should probably figure it out in a hurry. All three categories present a great opportunity to find the right security leader.
If you’re a company that’s in the market for a security leader, start by determining which category you’re in. Then consider these DOs and DON’Ts.
Don’ts
DON’T list all of the skills that a fully functioning security program requires and cram them into a job description. Consider your company’s current security posture and risk tolerance. Synopsys recently released its CISO Report with a very interesting look at the CISO “tribes.” Does your company view security as an Enabler, a Technology, Compliance, or a Cost Center? Paint a picture of where your company stands in security and where you want to go. If you do this well, security leaders who aren’t interested will opt out before the interview process, saving you valuable time.
DON’T post a security leader position on a job board. First, it’s a time killer because you’re going to get 400-500 resumes. (A lot of people (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/connecting-security-to-the-business/some-dos-and-donts-for-hiring-your-security-leader/