

Due to various reasons like compliance and regulatory requirements, cyber incidents, and increasing interest from the board, organisations recruit cyber professionals to manage cyber security. Cyber security is very diverse, and organisations must acquire a variety of skilled cyber professionals to suit their needs. However, this is not always possible.
To solve this problem, organisations engage cyber professionals – like security specialists, senior security officers and security analysts – with broad responsibilities ranging from configuring cloud technologies to defining strategies and communicating to the board. This is a setup for failure for both the organisation and the successful candidate. It is a box-ticking exercise that isn’t the best value for money and will not make the organisation more secure.
However, one highly effective approach that organisations can take is to acquire a virtual Chief Information Security Officer (vCISO). A vCISO is an outsourced security practitioner or provider, usually working part-time or remotely, engaged to define an organisation’s security strategy. Some manage the implementation and provide the much-needed visibility to the board and other business stakeholders. If you are in the market for a cyber professional to lead cyber security, here are five reasons why you must consider a vCISO.
The Role: Are you looking for a security executive or technology expert? A security executive must have highly developed influencing and communication skills. In contrast, a technology expert will be proficient in specific technologies. Cyber security is a people business, and if you are looking for someone to win the hearts and minds of the organisation to progress the cyber security agenda, the vCISO is your answer.
Skillset required: It is highly unlikely that you will find a security specialist proficient in firewall configuration, board persuasion and everything in between. Firewall configuration is a specialist skill, and board persuasion is another. If you are looking for a cyber security unicorn, a professional who has all the skills you are looking for, you should consider vCISO service providers, as they provide different security expertise based on your needs.
Access to senior management: Will the role have access to senior management or the board? Security is a business problem, not an IT problem. For any cyber professional to lead cyber security, they need access to senior management and autonomy to succeed. If another C-suite executive, usually the Chief Information Officer, is responsible for cyber security, engaging a vCISO to advise them would deliver the best value.
Readiness for transformation: Uplifting cyber security across the entire organisation requires changing processes and culture. This change will frustrate staff and senior executives at the start and will need support from a senior executive. If there is no senior executive prepared to support and continuously communicate the security agenda across the entire organisation, the organisation is not ready. A vCISO is the best fit.
Organisational constraints: Managing cyber security requires a combination of people, process and technologies. Trying to fit all security responsibilities into one role due to organisational constraints, like budget and a lack of skilled staff or team, is a setup for failure and isn’t the best value for money. If you must hire one person, due to any or a combination of constraints, choose a vCISO. They will set the organisation on the journey to uplift its cyber security posture.
Conclusion
Cyber security is a journey, not a destination, and organisations need the right leader for the journey. This leader must be an experienced cyber executive with the ability to develop highly effective cyber strategies and boost senior management confidence in cyber security. Cloud technology or ISO 27001 specialists excel at their craft but will not, in most cases, provide cyber leadership.
Define the role, acquire a vCISO, and manage cyber security effectively.