As chief cybersecurity advisor, I regularly receive requests from recruiters working in the field. Acknowledging the economic forces at play, I appreciate that global demand for cyber professionals exceeds supply. Add to this the increasing rate of organizational breaches and explosion in technology and online services, and it is easy to see why demand has spiked.
All of these factors have no doubt fueled a boom in the cybersecurity industry, bringing with it the problem of questionable leadership. There are those who aspire to be cyber professionals, who may even have an IT background but do not have the necessary knowledge, experience, training and time at the coal face in cyber roles. Put simply, they lack good pedigree. The next time someone wants to talk to you about “risk,” ask them if they have ever conducted a threat risk assessment or managed incident response. More than likely, the answer is no.
How do we get the right cyber leadership?
Let’s first consider this through recruitment of a key cyber role — the CISO (chief information security officer).
Recruitment needs to start with well-constructed job descriptions and criteria. CISOs need to be able…
