Four steps to hiring the best CISO in an IoT world

May 14, 2020 / IoTTechnology

With this in mind, businesses must strike the right balance between staying secure and leveraging innovation to take advantage of advances like the IoT. A crucial part of this starts with selecting the best CISO, something I did several months ago with great success. Here are four factors I have considered when assessing candidates for the CISO position, based on more than 35 years of experience in high-risk operations and overseeing various facets of security for businesses, the FBI, intelligence community, and military.

4 factors for hiring a CISO

  • Security is in the title, but won’t be the only job: Security should be treated as a service that is operated as a business within your business. That means CISOs need to understand their company’s strategy, business objectives and risks to truly provide value. In addition, benchmarks, best practices and regulations dictate how information technology and data must be secured. Beyond compliance, CISOs can provide security and market insights that sales and marketing teams can use to build a strong corporate story about security posture and make your company stand out from the competition.
  • CISOs should openly communicate with the C-suite: A culture of security is supported by factors like how an organisation is aligned and how reporting is structured. When it comes to enterprise risk, a CISO should report as directly as possible to the C-suite. There will be differences based on an organisation’s size and maturity, but the closer access to the CEO is, the less “filtered” critical conversations will be. Risk-based decisions that a CISO needs elevated to the C-suite can sometimes be difficult to communicate to senior leaders, because those decisions will affect other stakeholders and rarely happen in a vacuum.
  • ‘Security’ has broadened: Twenty years ago, it was common to work in an organisation where “security” meant having someone in IT manage a firewall. But marketplace dynamics and consumer demands have since changed how businesses operate and driven the need for professional information security staff. Today, outside factors like regulations, legal requirements and customer demands make robust security a condition of staying in business. CISOs should be armed with this knowledge and the right budget to define their security strategy in the realistic context of their business’s finances and objectives.
  • The best CISOs are the best students: CISOs need to be technically skilled, strong leaders and astute business managers. The CISO role is a journey, and good CISOs must be committed lifelong learners. The industry never stops evolving along with technology, which means threat vectors will continue to become more complex, as will data privacy laws and a host of other external “influencers” on the CISO’s role. This generates a constant need to maintain and refresh knowledge in order to adhere to sound risk-management practices.