Is your security leader on a tour of duty?

We all know of people who take on a new role with a plan a mind. They know from day one what their 30-, 60-, and 90-day goals are. Or ‘the first 100 days’. There are also planners who consider a limited tenure such as a 2 year ‘tour of duty’. I’m generalising, as everyone is slightly different. But, in essence, people either know what they want and how quickly they plan to achieve it or they go into roles with blind faith that the journey will take them where it takes them.

For those with a plan of big goals and limited tenure, this is often their own boundary to set, but it can work well for the candidate and the organisation. For example: A friend assumed a role as a consultant leading a team as an interim executive. The business loved her, and before long, they were asking her to stay. She politely declined, every other day for a month, until she went to the CEO and suggested she would stay, but on the following terms: She would remain a consultant, only stay for two years, and in that time she planned to execute X, Y, and Z. With this proposal, the organisation was able to move ahead with consistent leadership, it could plan for the leadership change two years on, and it knew what it would get by agreeing to the deal. It’s was a win for both sides.

Some people look for a particular skill set to complement their experience. Early in my career, I had a peer who hadn’t worked for any smaller companies and felt this experience was lacking from his CV. He stepped out of a senior role in a global organisation and spent two years to the day leading a much smaller team in a more agile environment (‘agile’ with a little a). By his planned resignation date, he had made himself redundant and moved to a more senior role in a mid-tier organisation – his plan all along. The organisation was aware that he was seeking some specific experience for his CV. They knew he would not stay forever, and because of that, they worked him hard, made sure he trained others and imparted his 20 years of business knowledge through mentoring and program leadership. The business respected his honesty, and instead of watching the days slip by, awaiting his inevitable resignation, they embraced the time they had with him.

For CIO's, there is no harm in being honest about your plan to help your new leader do the best job they can in a short tenure, make a dent in the organisation’s security action plan, and then be promoted or groomed for a new or more senior role. I believe every manager’s job is to ready their staff for their next role and then set them free. If both parties are ‘on the bus’ with this, it’s a very efficient, effective, and honest way to get the best outcomes for all involved. Planning ahead for the exit of your new hire isn’t for everyone, but, having said that, in recent stats the average Australian stayed in their job for just over three years, even less for millennials, so it is not as defeatist as it sounds.

My advice – when interviewing security leaders, listen carefully when you ask the question ‘Where do you see yourself in five years’ time?’ This might seem like a corny, old-school question but it can tell you a lot about where the candidate sees all this going if you’re really listening to the hallmarks in their answer. Delve deeper with your questioning, if necessary, to find out what they need from you to stay for at least two years. Retention in security is a challenge and if you can work together with your CISO to ensure they get the experience they are after while delivering value for you, it’s a win for all. 

Is your security leader on a tour of duty?