The Secure CIO
eBook - ePub

The Secure CIO

How to Hire and Retain Great Cyber Security Talent to Protect your Organisation

  1. 130 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Are you a CIO currently leading, or would like to lead, cyber or information security professionals? Do you find the idea of going to market in search of a security leader a daunting task? The current security job market has become increasingly difficult to navigate for hiring managers and candidates alike. Many roles globally sit vacant for months, and the uncertainty this causes for CIOs, on top of their mounting workload, is difficult to address and increases risk for the organisation. This book provides a step-by-step framework to address the challenges of finding and retaining cyber security leaders. Guiding CIOs and their peers through the establishment of a Security Agenda, this straightforward framework doesn't end at contract signing. From establishing non-negotiable traits to ensuring the new leader effectively transitions into the role, The Secure CIO removes the burden of hiring a cyber security leader. Written by respected information security blogger Claire Pales, this book is for any CIO leading security staff, whether currently hiring or still considering the best way to address cyber risk in an organisation.



Section 1
Clarity: Establishing your Agenda
‘Preparation is the key to success.’
Alexander Graham Bell, inventor, innovator
The framework begins with clarity – clarity on why you are recruiting, on the current state of security in your organisation from your perspective and that of your stakeholders, and on where a new leader would fit into the overall organisational structure.
How many businesses take the time before recruitment begins to understand their security position, the skills the business needs, and what value can be added through a security role? From the jobseeker’s perspective of available roles, how many candidates truly know what they are getting themselves into if they are successful?
Securing your business can be overwhelming, especially when starting from scratch. Once your organisation has identified a need to make security part of the way you do business, how do you get started? Should you go big and seek a deep-dive risk assessment? Should you consider a three-year strategic implementation? Should you hire a head of information security? 
What is the best approach to help you identify what information security looks like at your company? Instead of a ‘go big’ approach, like those mentioned above, organisations could begin by asking key people in the business what security means to them, what they expect from a security program, how security would align with their business strategy, and given all the competing priorities, where a security program would fit in their organisation. I can feel you rolling your eyes as you imagine these security-related conversations with the CEO, the marketing guy and the under-the-pump head of IT ops. But having someone draw opinions, information, and aspirations from every corner of the organisation to answer the difficult questions can establish the true value placed on security by those in the driver’s seat.
We have learnt that telling leaders, engineers, and anyone who will listen what security looks like is often met with groans, reluctant compliance, or panic. If we gave the business the opportunity to say what it thinks about security – and what it knows about security, which is often only what it sees in the media – this information starts to form a foundation on which incoming security leaders can build their roadmap, to know who else will champion security, and to establish what information security success means for your organisation. 
Starting by establishing your organisation’s security agenda will help your future team to align to your business’s priorities. Yes, there will be some difficult conversations and uncomfortable silences, but won’t they be worth it, if it means agreeing to a way forward together?

1
The state of the industry
‘The conversation around cyber security is changing – risks are better understood and opportunities better realised.’
Cyber security roundtable meeting online news report,
24 April 2017, Dept. of the Prime Minister and Cabinet, Australia
In Australia, there is a growing, unified front towards combating cyber security risk as part of protecting our borders – virtual and otherwise.
In business, the growing number of conversations about cyber is helping to prepare organisations for potential cyber threats. In a government survey, 81% of organisations recognise that all staff have responsibility for ensuring cyber security and, overall, 73% regularly discuss cyber security at the most senior management levels.6 A move towards more senior security leaders who can approach the board with confidence and give its members certainty has become a must for cyber-resilient organisations.
Businesses, however, are finding security leaders hard to come by, and the changing face of the industry is more demanding than ever. The following numbers demonstrate some of the challenges:
  • At any time, there are 350,000 open roles for cyber security professionals in the U.S.7
  • 78% of AISA members surveyed believe that lack of clarity about skills required contributes to difficulties in recruiting for cyber security roles.8
  • Difficulties in recruiting because of wage restrictions and the tendency to leave positions unfilled are consistent with evidence of the limited growth of cyber security teams; 52% reported that their team had remained about the same or grown by less than 10%, while more than 11% of respondents reported a decrease.9
  • Australia will likely need about 11,000 additional cyber security workers over the next decade – for technical as well as non-technical positions – just to meet the industry’s ‘business-as-usual’ demand forecasts.10
These statistics alone can make attempts to hire cyber security staff daunting, and almost feel pointless. But more and more research is being produced which informs governments, universities, and enterprises of the changes they can make to better meet the cyber security needs of our country and the world. Some of the actions that can be taken are to:
  • Attract, train and retain more women (more on this in chapter 6). At only 11% of the cyber security workforce (and yet 48% of the general workforce),11 more women would contribute to this great industry, if only they knew about it.
  • Collaborate; get involved. Enterprises, academia and government need to work together to educate the community on the need for more cyber security professionals.
  • Address ongoing development, as well as access to mentors and sponsors, which is critical to attracting, developing, and retaining professionals in the cyber security workforce.
Key takeaway
We have never been more aware of the perceived gap between organisational expectations and available cyber security skills. There are many opportunities to address this gap: by identifying and mentoring the next generation of leaders, speaking up about the importance of cyber security, and playing our part in attracting the best and brightest to the industry.
__________
6 Ibid.
7 Maria Korolov, ‘Look beyond job boards to fill cybersecurity roles’, CSO Online, IDG Communications, 13 July 2017,
https://www.csoonline.com/article/3206688/it-careers/firms-look-beyond-job-boards-to-find-and-recruit-cybersecurity-talent.html.
8 ‘The Australian Cyber Security Skills Shortage Study 2016’, AISA Research Report, Australian Information Security Association, https://www.agix.com.au/wp-content/uploads/2016/12/AISA-skills-shortage.pdf.
9 Ibid.
10 ‘Challenges to Australia’s Cyber Security Industry’, Australian Cyber Security Growth Network, April 2017, https://www.acsgn.com/cyber-security-sector-competitiveness-plan/challenges-australias-cyber-security-industry/.
11 Patrick Howell O’Neill, ‘Women paid less than men at every level of cybersecurity industry, report says’, Cyberscoop, 15 March 2017,
https://www.cyberscoop.com/women-in-cybersecurity-wage-gap-report/.

2
What is your why?
‘If you hire people just because they can do a job,
they’ll work for your money.
But if you hire people who believe what you believe,
they’ll work for you with blood, sweat and ...

Table of contents

  1. Introduction
  2. The five-step framework for effective hiring
  3. The Dilemma
  4. Section 1
  5. Chapter 1, The state of the industry
  6. Chapter 2, What is your why?
  7. Chapter 3, Security maturity
  8. Chapter 4, What others are saying - Part 1
  9. Chapter 5, Aligning to business strategy
  10. Section 2
  11. Chapter 6, Where to?
  12. Chapter 7, What skills and outcomes are non-negotiable?
  13. Chapter 8, Let’s get real – the true job description
  14. Section 3
  15. Chapter 9, To recruiter or not to recruiter?
  16. Chapter 10, Candidate review
  17. Chapter 11, Surround yourself with supporters
  18. Chapter 12, Are you allowing for stretch?
  19. Chapter 13, What others are saying, Part 2
  20. Section 4
  21. Chapter 14, The tour of duty
  22. Chapter 15, The expectation gap
  23. Section 5
  24. Chapter 16, Welcome
  25. Chapter 17, Update
  26. Chapter 18, What is coaching?
  27. Chapter 19, What does the candidate need?
  28. Chapter 20, Addressing the stretch
  29. Chapter 21, Where to from here?
  30. Chapter 22, It’s never a ‘wrap’
  31. Valuable references/links
  32. Acknowledgements