In the security industry, like any other, there a few traits that should be on your list of non-negotiables when it comes to hiring a leader. The Information Security leader is one of the key roles in business today and is not a hire that you can afford to get wrong. Here are the top 7 qualities to look for, in no particular order (except the first one)…:
1. Integrity. This needs little explaining in a candidate for an Information Security leadership role. Integrity is without question the key attribute to seek. The bonus is - honest, ethical, loyal, consistent and responsible are all values that can come with high integrity leaders.
2. Competence. A candidate’s competence can be established in their demonstrated prioritisation, innovation, delivery, ability to get the job done, exceeding expectations and evidenced uplift of an organisation. In addition to this, their desire to increase their level of competence through on-the-job skills and training must be continuous.
3. Leadership. It may seem strange to call out leadership as a skill that a leader needs….but beyond people leadership, Information Security leaders need to be able to demonstrate taking charge, problem solving and inspiring teams and boards to make change and embrace new ways of working. Not all leaders are created equal and someone who has led before isn’t automatically the right leader for your organisation.
4. Connections/Networks. Networking (as I’ve talked about before here ) is a skill that not only helps in connecting to the security community, it shows willingness to engage peers and stakeholders in new conversations. Networking promotes the leader and your business, connects the organisation with other brilliant talent and highlights potential partnerships.
5. Technical know-how. Gone are the days of professionals suggesting that they are ‘not technical’ (I was once guilty of this). In this digital economy, every business leader including those in security must have the know-how to speak to technical staff in the organisation to understand and achieve the organisational strategy. This doesn’t mean finding a leader who can code with your best developers. But it does mean they understand how technology impacts the broader business objectives.
6. Resilience. Embodying the above traits everyday can be exhausting for many – but there are certainly candidates out there that take this in their stride. Leading a Security team or function requires the ability to react quickly and wisely to security events and rapid business growth. This, like integrity, will need to be established early in the hiring process.
7. Gravitas. Security has been known to be a dry, compliance driven topic (hard to believe, I know...). Candidates with gravitas deliver information with just the right amount of seriousness and commitment to command respect. Gravitas is not only important when addressing senior leaders and the board, but is key in delivering advice during projects, negotiating with third parties and in incident response.
A great information security leader will be vital in times of disaster, during business growth and in day to day operations. Hiring based on the above qualities will stand you in good stead for the breadth of outcomes they may be charged to deliver. Are you looking for these attributes in your next information security leader?