CISO Expectations Are Becoming Impossible to Achieve - Security Boulevard

CISO Expectations Are Becoming Impossible to Achieve

The following is a fictional job posting. Any resemblance to an actual public- or private-sector job posting for a CISO is purely coincidental. 

Wanted: An experienced, industry-leading Chief Information Security Officer (CISO) at well below what the market is paying when considering both wages and benefits.

This hacker guru, who excels at stopping nation-states and organized criminals from penetrating (very) vulnerable mission-critical networks, will lead a team of security staff who struggle in the fight against global adversaries and cyber war. Note: Filling existing team vacancies will be an immediate priority, but keep in mind that our budgets are tight, so hiring freezes will likely be imposed soon after you are hired.

This recognized expert in executive leadership, project management, team building, relationship management and budgeting will have a minimum of 10 years of professional experience (20 or even 30 years preferred) managing complex security operations centers, supervising large teams (although the team you will actually manage is rather small) and recovering from global cyberattacks that have devastated international business operations. Note: See these recent ransomware attack examples for more specific details of the challenges we are facing.

This exceptional individual should be able to mentor staff, build award-winning strategic and tactical plans, understand the complexities involved in the global banking system, stop cybercrime and speak effectively in front of large (internal and external) audiences in funny, compelling, and industry thought-leading ways. Note: Obtaining executive buy-in and speaking to media contacts, lawyers, accountants, college interns and the local PTA is a must. Expect plenty of after-hours meetings and numerous formal or information dinners (and lunches and breakfasts too.) And no, your spouse or family members or significant other is not invited.    

The CISO will coordinate, develop and implement corporate policies such as: information security, privacy, urban (Read more...)

*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: