Why #CISO is the hardest tech role to fill?

Posted by Ratan Jyoti (Discussions: 1, Comments: 2)
Replied on May 1, 2018 12:00 am
Category: Cybersecurity
Why is it classed as a tech role?
Posted by Christopher Wren (Discussions: 0, Comments: 1)
Replied on April 30, 2018 8:00 pm
If businesses do put the CISO role under Tech then it does become a lot more problematic to fill.

I speak to loads of CISOs looking for work and a big question I’m always asked when speaking to them about a role is ‘where does the role sit?’. It shows how seriously the recruiting business takes Security and ultimately how much autonomy they will have to do their job once they are in post.
Posted by Peter Kelly (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
Depends on what they want out of the role I guess. If they don't intend to budget for any improvements but need a scapegoat for the next breach, I hear Amber Rudd needs a new role now :)
Posted by Dave Howe (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
It's only hard if you don't enjoy what you're doing.
Posted by Raymond Morsman (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
I would say "...hardest to fill with the right person."
Posted by Carl Willis-Ford (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
The “S” really means Scapegoat.
Posted by Brian Marranzini (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
I was just talking with my manager about this the other day when discussing my career goals. He made the comment I knew all too well. He said a CISO used to need to be tech savvy, but today’s CISO needs to play politics and techies have a hard time with politics. There’s also the issue with clearly defined roles. We all know Security programs are not successful without clear buy-in from leadership, but if a CISO isn’t given the ability to engage leadership directly, implementing cyber strategy can be frustrating and ultimately lead to frustrations. When good employees don’t feel effective they get discouraged and end up looking for new work.
Posted by Matthew Reyes, CISSP (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
Matthew Reyes, CISSP - what they say about 'today's' CISO is pretty much the same thing they said about CIO for years, and VP of IT before that and 'head of DP' before that.
Posted by Allison Dolan (Discussions: 1, Comments: 2)
Replied on May 1, 2018 8:00 pm
Truth
Posted by Duvelza Saenz (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
We in the security community have exacerbated this problem. I would bet that, of the CISO moves that happen these days, more than half are because the “CISO” never should have been in that role in the first place. Too little experience, too little technical knowledge, too little executive presence, too little business knowledge, too little vision, too much greed when they see the ridiculous “market price” for a CISO...
Posted by David W. Stender CISSP CSSLP (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
Because it's not a tech role..
Posted by Fazley Rabbi (CISM,MSP,AgilePM,Cobit5) (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
#CISO doesn't seem to be a technical role but having a technical background is really a HUGE advantage.
Posted by Robert Kanigowski (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
Yup. And when companies finally find that seasoned CISO they give them no budget to work with. ;)
Posted by James Reich (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
Business acumen is a key to success and good leadership.
Posted by Dave Elliott (Discussions: 0, Comments: 1)
Replied on May 1, 2018 8:00 pm
First, CISOs should not answer to the CIO. They have completely different roles and responsibilities (that must be well established and understood) and must work together; however, they should answer to C-level executives, not the CIO. The CISO must have a strong technology understanding but doesn’t necessarily need to be a “techie.” He/she must understand what’s needed in terms of products and services to be able to request necessary budget to identify, protect, detect, respond, and recover from breaches. He/she must understand what it is they are trying to protect and how that is going to be done. Without technical knowledge, how is it that he/she will know how to properly secure information? For example, a CISO must understand cryptography and know they must have a policy for managing cryptographic keys, what algorithms to use for different functions (e-mail, website), the lifecycle of key management (creation, transport, ..., storage, destruction, ...). Yes, you’ll have to work with the CIO, have a security engineer planning that, but how can you approve it when you have no idea if it’s a good plan or not? How can he/she ensure the hardening of network systems without technical knowledge?
Posted by Vanessa (Nessa) Niederauer Tragos (Discussions: 0, Comments: 2)
Replied on May 2, 2018 8:00 pm
So, commenting here is an interviewing strategy, I guess.

Gear up, future CISOs!
Posted by Jayaramachandran R. (Discussions: 0, Comments: 4)
Replied on May 2, 2018 8:00 pm
This is an article from 2016 and does not truly reflect today's market in 2018.
Posted by Phil Agcaoili (Discussions: 0, Comments: 3)
Replied on May 2, 2018 8:00 pm
Have to agree. Information Security covers people, process and technology. Being technical is only covering 1/3 of the remit.
Posted by Dante Brown, CISSP, PRINCE2, MBCS (Discussions: 0, Comments: 1)
Replied on May 2, 2018 8:00 pm
Really good perspective. I have experienced a wide range of what is expected of a cybersecurity leader. Oftentimes, it seems like a search for a unicorn living at the top of Candy Mountain.
Posted by Michael X. Valmont (Discussions: 0, Comments: 1)
Replied on May 2, 2018 8:00 pm
A role that should be quite capable of managing both sides. A sacrificial lamb to be; ensure everything is in its proper place, then you'd be doing just fine.
Posted by Deddy Nadeak, CISM, CISSP (Discussions: 0, Comments: 1)
Replied on May 2, 2018 8:00 pm
I love this perspective. While it may be old, this in my view is still accurate. If you apply this to Security professionals as a whole, it is still accurate today.

I'll echo that the CISO should not report to the CIO. The role is different. I have seen it under legal, finance and IT. It should be considered a separate business function. This however gives rise to have a CIO and CISO willing to work together.

The biggest problem in the industry is finding qualified candidates for all levels. I like leaders who are technical and can teach it, but we need opportunities to progress. Without the opportunity there will be a larger shortage of CISOs in the near future.
Posted by Steven Holt (Discussions: 0, Comments: 1)
Replied on May 2, 2018 8:00 pm
Within the question lies the answer. It is not a position to be filled. It is your business, your shares, your risk and your job.
Posted by Simon Smith (Discussions: 1, Comments: 4)
Replied on May 2, 2018 8:00 pm
Just one small thing, CISO isn't a tech role. In my part of the world salaries rather range between 100k-200k USD/year.
Posted by Peter Granlund (Discussions: 0, Comments: 1)
Replied on May 3, 2018 8:00 pm
Personally, I don’t think it’s any harder to fill than any other role. It’s more about managing (people’s) expectations and being clear about the ask and owning the outcomes. For a CISO and any leadership role, it’s as much about ability as it is character and the ability to assimilate and act on new information, security or otherwise. It’s not just about the technology.

With a CISO specifically, there is probably an expectation that you have experience a mile wide and a mile deep on absolutely everything in security as well as the personality/ability to thought lead in it. In reality, most people don’t and it’s unrealistic to think otherwise. People will definitely have traits and skill specialities that’ll take them close to a mile deep in some areas, but in others people may only have shallow knowledge because of lack of interest, ability (natural or learned) or opportunity, otherwise EVERYONE would be a CISO, right?

Ultimately, a CISO would only ever be as good or successful as the team working for and with them. Where CISOs shine or stand out is when they evidence taking a lead in setting directions and policy on security, ownership in times of ambiguity and a team that rallies around and believes the same as they do. That may be the bit that could make them “hard to find”.
Posted by Dean Hassan (Discussions: 0, Comments: 1)
Replied on May 3, 2018 8:00 pm
Because it's not a tech role...
Posted by Dominique Brack (Discussions: 0, Comments: 1)
Replied on May 3, 2018 8:00 pm
I don’t envy you
Posted by Ed Padilla (Discussions: 0, Comments: 2)
Replied on May 3, 2018 8:00 pm