Entering the Twilight Zone: Adventures in the Security Leader Search
Entering the Twilight Zone: Adventures in the Security Leader Search

by Tripwire Guest Authors on October 7, 2018

If you’re in your 40s or 50s, you probably remember a TV series called The Twilight Zone. (Millennials, think Netflix’s Black Mirror). Every show was its own stand-alone story that took viewers into an alternate reality where things got weird in a hurry followed by twists and turns culminating in a surprise ending.

These types of winding plots aren’t unheard of in the real world. I headhunt in executive-level security positions. Through these experiences, I’ve grown accustomed to one thing – when it comes to finding and negotiating CISO/CSO positions, the process is unique, and there are a lot of surprise endings. Here’s a few tips for navigating the unknown.

1) Flexibility can win a great hire

I’m a firm believer that with any search, the devil is in the details. That starts with a VERY well-written job description which includes the title, reporting structure, thorough job description, a solid sales pitch on the company, and experience level.

A security leader job description is difficult, because besides the CEO, it’s the only job that has tentacles into every aspect of the business. Your CISO will probably run point on security operations. Prevention, detection and response, risk management, governance, education, legal and regulatory, business enablement, identity and access management (IAM), and leadership chops are a must. But it gets a little murky after that, and flexibility can be greatly rewarded. Why? The person you will hire has no formal educational training for this role, because it doesn’t exist.

What he or she learned came through hard-earned experience, trial and error and good mentoring. Industry experience can also be tricky. Several industries have security skills that are transferable because the regulatory frameworks are fairly similar.