Hiring a CISO: 5 Critical Skills You Can't Overlook

After a few years of recruiting executives in cybersecurity, I have noticed some major issues with what companies think they want when hiring a CISO. I am constantly networking with security executives, so I hear a lot about the problems they face in their roles and the challenges they think they would encounter walking into many of the roles being posted online today. The CISO role has evolved significantly over the years and will continue to progress. At the end of the day, security is not just a technology or cost center problem; it really needs to be viewed as a business solution. People, processes, and technology are all important pillars of a great security program. When these pillars work together harmoniously, companies can find the balance between being secure and compliant while allowing the business to function efficiently and profitably.

Companies don’t seem to truly value security until they or a competitor are compromised, and they see the full ramifications of how it affects their business and image in the eyes of the consumer. Given the high stakes, it's important to identify what makes an effective security leader, before it's too late. That’s why I’ve consulted two CISOs to get their expert opinion on some of the traits that make a great CISO. Their collective insights, alongside my own experience helping companies find capable security leaders, are captured below.

 

1. Communication

A CISO bridges the gap between technical teams and executive leadership. They must simplify complex security concepts and present them in terms that non-technical stakeholders can easily understand. At the same time, they need to clearly communicate business goals and priorities back to the technical teams. Without strong communication skills, misalignment can occur, which can hinder progress and lead to security vulnerabilities. Rather than trying to master every detail themselves, an effective CISO hires experts around them to fill in the gaps while they focus on clear, consistent communication to ensure everyone is on the same page.

In addition to translating technical details, a CISO often has to "sell" the importance of security measures to the leadership team. This could involve framing risks, costs, and vulnerabilities in a way that syncs up with business priorities, like tying security risks to potential financial loss. For example, when requesting a budget increase, a CISO should be able to quantify the risk in dollar terms, helping executives see the value and urgency of the investment. Clear, persuasive communication is key to driving action and securing the right security resources.

 

2. Business Acumen

An effective CISO should understand how security decisions impact the business as a whole. A security leader who lacks an understanding of how their company functions or what drives profitability is a major red flag.

In interviews, asking candidates questions like, “How did your previous company make money?” can reveal whether they have the business acumen needed to align security measures with company goals. A CISO who doesn’t fully understand the business puts themselves at risk of designing inadequate security controls to protect it.

 

3. Technical Expertise

For a CISO, the term "technical" can mean different things depending on who you ask. For a hiring manager, it often refers to someone who can simplify complex technical concepts for the board. On the other hand, a recruiter might look for someone who has an extensive technical background.

However, one of the expert CISOs I interviewed offered a nuanced perspective: he believes that “the best CISOs aren’t the most technical.” Instead, they should be "technical enough" to understand the technical details from their team and then act as a translator, explaining the business impact to the board or executive team.

 

4. Leadership

A CISO should be more than just someone who hands out orders. They need to motivate and lead their security team, creating an environment where everyone feels inspired and focused. Good leadership means setting clear goals and helping the team work together smoothly to achieve them.

Building relationships across the organization is also key to being an effective leader. Sometimes security isn't viewed as a priority, or worse, it can be treated as an afterthought. A successful CISO works behind the scenes to build strong relationships with stakeholders in other business areas. They gain buy-in from fellow executives by framing security initiatives in terms of business value, whether that’s reducing risk or enabling future growth. Everything a CISO does must be tied to the bigger picture, ensuring each initiative is backed by a clear business case.

 

5. Balanced Competencies

Candidates who have embraced lateral moves and gained exposure to different areas of security can be key assets for an organization. A broader view helps in integrating security measures with the company’s wider objectives, because these candidates will be better equipped to give direction and answer questions for a variety of project stakeholders.

For instance, a candidate with experience in security operations, risk management, and security architecture can integrate these areas into a cohesive strategy, aligning security measures with company goals. In contrast, a specialist in just one area, like network security, may struggle with broader security challenges and communication across departments, making them less effective in a CISO role.

 

Final Takeaways to Make the Right Hire

One of the CISO experts I interviewed shared a telling insight: “Security isn’t impactful until it is.” In other words, people often overlook managing risk until it threatens the company's finances or sensitive information. That’s why being proactive in hiring a CISO is so important. And without knowing which skills to target, your organization could be at risk of making the wrong hire. Therefore, by focusing on the key skills outlined above, you’ll be in a stronger position to find the right person to lead your security strategy.
