Despite being just a few months in, 2016 has seen big changes in the cybersecurity industry. The White House recently proposed a $3.1 billion Information Technology Fund that will enable the modernisation of legacy IT and the creation of a Federal chief information security officer (CISO) position.
Responsible for establishing the direction of U.S. cybersecurity policy and strategy, the Federal CISO position reflects the rising need for organisations to prioritise cybersecurity in the C-suite.
In the private sector, leading retailers have also taken steps to emphasise the importance of digital security. In early February, Nike named Adam Sussman the company’s first chief digital officer (CDO). The move is part of a larger campaign to grow the company’s e-commerce sales by 600 per cent. Tasked with building out Nike’s digital ecosystem, Sussman will have a lot of work to do with regard to bolstering the company’s cybersecurity efforts.
But while the creation of CDO, CISO, CSO and CMT positions has helped cybersecurity gain a stronger foothold in the C-suite, companies need to be careful about who they choose to fill such positions. Poorly implemented cybersecurity policies could spell trouble.
OPM cybersecurity chief Donna K. Seymour resigned from her position two days before she was scheduled to go before Congress to talk about last year’s massive hack of federal personnel records. In what some believe to be the most damaging hack in history, more than 5.6 million fingerprints were stolen, along with the background investigation records of millions of current, former and prospective federal employees.
Although a cybersecurity executive’s job performance largely hinges on preventing data breaches, maintaining a positive user experience is also important. After all, the CISO and CSO have direct input in cybersecurity purchasing decisions. By implementing technology that keeps out cybercriminals without causing unnecessary friction, cybersecurity executives can keep users safe and satisfied.
From securing customer information to improving the user experience, cybersecurity executives have a lot on their plates. Choose the right candidate for your organisation by keeping an eye out for these five qualifications.
When it comes to cybersecurity executives, one size doesn’t fit all. A wide variety of IT professionals, including network administrators and security analysts, have enjoyed long-term success in the role of CISO. But what’s even more surprising is the fact that individuals with backgrounds in psychology, sociology and law have proven just as effective.
While it may be wise to not limit your search to candidates with Master’s degrees in information security, requiring applicants to have basic security education in the form of certifications is important. More than 90 per cent of cybersecurity professionals indicated that certifications demonstrate competency in their job.
Having built their careers on breaking in and out of security networks, hackers are among the most qualified CISO candidates out there. Still, it may be best to steer clear of hiring someone with a background in hacking. Most hackers work outside of a traditional business or organisation, leaving hiring managers with fewer references to rely on once it comes time to make a decision.
Set your sights on a security expert who is well-known and highly regarded within the cybersecurity industry. The added familiarity will not only give you a chance to dive deeper into the candidate’s work history, but it will also help keep your mind at ease in the event that a cybersecurity emergency ever takes place.
Establishing a secure network is one thing, but communicating the importance of cybersecurity to other executives is an entirely different challenge. Any candidate needs to understand how an effective cybersecurity strategy will help a business achieve its fiscal objectives.
Technical terms will do little to convince decision makers within a company to spend more money on cybersecurity. Shoot for a candidate who possesses the technical prowess needed to maintain security along with the ability to justify necessary investments in cybersecurity, especially when it comes to executives who carry a lot of responsibility but have limited technical knowledge.
Cybercrime isn’t limited to one country or even continent. It’s a pervasive problem that impacts businesses around the world. As such, candidates should have a global perspective. By tracking millions of active user accounts across tens of thousands of websites and mobile applications, CSOs and CISOs can begin to track cybercrime no matter where it takes place. Choose a candidate who collaborates with cybersecurity experts everywhere in an effort to keep sensitive customer information safe.
As the head of cybersecurity, the CISO might have to hire and manage a support staff in order to meet his or her goals. Keep an eye out for a candidate who has previous experience serving as the leader of a department. From establishing a culture to raising worker productivity, leadership has a big influence over the success or failure of a department. Prior experience managing a support staff could go a long way toward ensuring the success of your organisation’s cybersecurity strategy.
The emergence of cybersecurity executive positions at leading retailers and government institutions places greater emphasis on the importance of a sound cybersecurity strategy.
With these five tips in mind, your organisation can hire a CISO or CSO who is equipped to implement cybersecurity best practices in an increasingly digital age.
Reed Taussig is the president and CEO of ThreatMetrix.