When hiring a cyber security leader, remember, it takes a village

Early in my career, I came to realise (which became the reason I do the work that I do) that no security staff member is the same and without each other, true success is unlikely. As a leader without a technical background, building a security team of staff who complemented my skills was key. While security isn’t all about technology, technically literate staff are needed to establish and validate technical controls, provide quality advice to the business and deliver on the security strategy. Leaders also need analytical thinkers by their side to nut out issues and resolve incidents. And leaders need other leaders close by. Because let’s face it, a CISO or head of security, even with a breadth of skills, can’t do it all.

As a CIO, you could line up a long list of potential candidates for a CISO role and find that while they could all do the job, they would all take a different path and surround themselves with a different team. Ultimately, they would still be focussed on the same goal – to protect the critical assets of the business.

When hiring a security leader, it is imperative that you are clear on the required, non-negotiable skills and traits of the ideal leader. Once found (no easy task), your new hire can then supplement their skills with subject matter experts, as they alone will never completely fulfil the requirements of a job description. Furthermore, if you need the leader to have a working knowledge of the technology stack you’re using, or to be from a financial services background, you may need to reconsider some of your other non-negotiables in order to prioritise.

Navigating the skills you require in a leader, and therefore who they might need around them, is challenging but not insurmountable. Start by knowing what the top 2 or 3 big things to be delivered in the next 12-24 months are. This will help you be clear on the must-have skills of your new security leader and narrow down the type of leader you are seeking. When it comes to managing cyber risk, are you focussed on hiring a single leader or are you ready to welcome in a village?
