According to an IANS survey of more than 800 CISOs, roles such as business information security officers (BISOs), chiefs of staff and heads for privacy, program management and data protection are among the top positions being considered to support cybersecurity efforts.

The post CISOs Look to Establish Additional Leadership Roles appeared first on Security Boulevard.

The post Alyssa Miller: Charting the Course Through InfoSec and Aviation appeared first on Shared Security Podcast.

The post Alyssa Miller: Charting the Course Through InfoSec and Aviation appeared first on Security Boulevard.

The post Layoffs, Recruiting, and The Year Ahead for Cybersecurity Job Seekers appeared first on The Shared Security Show.

The post Layoffs, Recruiting, and The Year Ahead for Cybersecurity Job Seekers appeared first on Security Boulevard.

If your recruitment process needs some work, you’re not alone. Many cybersecurity startups are in a similar situation. The key to overcoming recruitment challenges is usually a shift in mindset.  The first step to fixing an inefficient recruitment process is understanding the difference between hiring and recruitment. You’re “hiring” when robust training programs are available..

The post What’s Wrong With Your Recruitment Process? appeared first on Security Boulevard.

Few corporate boards feel adequately skilled for cyber security. It’s a complex and fast moving risk that has developed at a pace since many independent directors and NEDs were hands on executives. For executive directors, cyber is a challenging pain point that can be difficult to fully get your head around. It’s often an issue that leaves board members with a sense of discomfort.

Board members bring value through having ‘been there and done it’: no seminar can replicate that. Increasing the diversity of skills on a board is always a good idea, as long as new non-executive board members can learn to operate at a strategic level and stay ‘hands-off’ in a non-executive capacity. Board members also need to be able to contribute credibly on a range of topics, and understand the dynamics of a boardroom environment.

Recruiting a ‘cyber-NED’ — someone with hands on leadership experience in cyber security and technology risk management, who has managed this successfully and handled major incidents before — sounds like an attractive option. However this type of role can be very new to technology and cyber security leaders who may not have prior board experience. Having served as an NED on a number of boards, I’m aware that I am an exception to the rule. Your security leaders may need your help to build that perspective.

Don’t let that stop you though: more diversity on boards has been shown to enhance corporate performance, and board diversity is not just about gender or ethnicity — it’s about skills and age diversity too. And how will experts in cyber gain this level of exposure if not through being given the opportunity to do so?

Of course you can’t be a ‘cyber-NED’ any more than you can be a ‘marketing NED’ — you are a director and share responsibility for the performance of the company. That does mean a certain level of capability is required across wider disciplines, and a good ‘cyber-NED’ candidate has likely held senior business responsibility, handled financial performance of business units, and served in other roles leading operations or service delivery as well as risk and compliance. With both a cyber and finance background, I find I am asked to Chair or serve on audit committees and risk committees. Candidates with this experience are out there, but they may not be in your network so you may need to engage a board search firm to find them.

There are a number of services available today that have access to suitable qualified candidates, and running an open recruitment process for your next NED or independent director brings other benefits too. You are more likely to obtain wider skills or experience, obtain greater diversity of candidates, and benefit from a fresh perspective that can bring greater value to board discussions and decisions.

Cyber may be only one of a number of skills gaps for your board, and you may not find the ideal candidate right away. If you need to address the gap in other ways you could also consider setting up an advisory board to contribute missing skills, seeking an external coach with expertise in this area, or asking your CISO to lead a series of training seminars for the board. All are good places to start (and help bridge the gap between business and technical leadership, too).

At the very least, make sure your cyber leader has direct access to the board and is regularly asked to present at it. If there is a disconnect, take action to upskill the board to resolve it.

However you decide to address it, don’t leave it: every organisation needs a cyber and risk literate board.

Further reading:

“How to build a cyber capable board”, Matt Palmer, Director Magazine: https://www.director.co.uk/how-to-build-a-cyber-capable-board/

About the author

Matt Palmer is a technology and cyber risk leader. He has led global technology and cyber security functions across banking, insurance and capital markets as an IT Director and CISO— often through innovation, change, and M&A. He is director of cyber strategy and risk advisory firm Cyberclaria, a board advisor to several fintech startups, a board member of a financial services regulator, and an experienced NED. Both an accountant and a technologist, Matt has presented at many international conferences and was awarded Security Leader of the Year in 2018.

Connect with Matt on Medium, Linkedin and Twitter

The post Do we need a cyber-NED on our board? appeared first on Security Boulevard.

The post Episode 100 with Rachel Tobac and Kathleen Smith appeared first on Shared Security Podcast.

The post Episode 100 with Rachel Tobac and Kathleen Smith appeared first on Security Boulevard.

The post My Best Hires had 30% of “The Wrong Stuff” appeared first on Lastline.

The post My Best Hires had 30% of “The Wrong Stuff” appeared first on Security Boulevard.

The post InfoSec Recruiting – Is the Industry Creating its own Drought? appeared first on Liquidmatrix Security Digest.

The post InfoSec Recruiting – Is the Industry Creating its own Drought? appeared first on Security Boulevard.

Categories:

• Business
• Security world

Tags: CISOcybersecurity skills gapprocess automationrecruitingskills gap

The post What’s causing the cybersecurity skills gap? appeared first on Malwarebytes Labs.

The post What’s causing the cybersecurity skills gap? appeared first on Security Boulevard.