Kudelski Security, the cybersecurity division within the Kudelski Group, today released a new report, “Cyber Business Executive Research: Building the Future of Security Leadership”, that provides exclusive insights and actionable recommendations to help organizations address the biggest challenge they face: recruiting, retaining and developing the next generation of security leaders. The report was developed in conjunction with Kudelski Security’s Client Advisory Council (CAC), a cybersecurity think tank comprised of information security leaders from global enterprises.
The report identifies several trends underlying the challenge of finding and keeping qualified Chief Information Security Officers (CISOs) and their direct reports, a challenge exacerbated by the new remote work environment. For example, effective CISOs should have a 50/50 balance of technical and soft skills, like communication, relationship building, and executive presence, but the report found this talent mix to be extremely rare. CISOs will be required to have those soft skills to effectively navigate a new business model likely to feature remote work even after the current crisis subsides.
“Now more than ever, global businesses need to understand the evolving CISO role to both stay ahead of threats and be competitive,” said Andrew Howard, CEO, Kudelski Security. “We strongly believe that the cybersecurity industry can benefit from the shared experiences of proven leaders. Our Client Advisory Council members have provided invaluable insights for our clients, and we’re pleased to be able to offer them to the broader security community.”
“Given the current challenges we face, CISOs and CSOs need to work both internally and externally to build a pipeline of new security leaders,” said Michael Zachman, CSO, Zebra Technologies and one of the contributing Council members. “Regardless of how you choose to staff teams, it is important to identify employees with institutional knowledge, communication skills, and some ambition for career growth who can become security leaders with the right training and mentorship.”
The report offers practical advice and insights specific to three key players: CISOs, aspiring security leaders and executive recruiters. Key findings for each group include the following:
• CISOs: In light of growing responsibilities under their purview, CISOs should embed cybersecurity into roles that do not normally include it so that maintaining and growing cyber resilience becomes an organization-wide responsibility. In terms of key CISO skills, 82% of those interviewed say communications skills are critical versus just 52% who believe hands-on experience in technologies is critical.
• Aspiring Security Leaders: Anyone aspiring to become a CISO should establish a following in the industry. Efforts to build reputations should be consistent and deliberate, including increasing visibility in social media. Though the highest percentage of respondents (29%) say governance, risk and compliance positions are the best pre-CISO role, there is a wider range of roles that can also lead to a CISO position, which the report explores in depth.
• Executive Recruiters: Across the board, the CISOs interviewed advise recruiters not to restrict searches to their own industry, particularly if the industry lags behind when it comes to cybersecurity. Given the amount of time it takes to recruit a CISO (an average of 6-12 months according to nearly half of respondents in the US and to 92% of respondents in Europe), executive recruiters should employ a Virtual CISO (vCISO) in the interim. To mitigate risks associated with high CISO turnover and compensation, recruiters should also think more broadly when it comes to recruitment, nurturing a talent pipeline that starts with places like universities, technical schools, and the military.
In addition to Kudelski Security’s Client Advisory Council (CAC) members, the report leverages interviews and surveys conducted last year with more than 110 CISOs in the U.S. and Europe from leading global organizations. The CAC provides insights and guidance on solutions Kudelski Security delivers to their clients. Members comprise C-level and VP-level security leaders from companies including Aaron’s, Inc., AES Corporation, BKW, Blue Cross Blue Shield, BNP Paribas, Capital One, Technicolor, Urenco and Zebra Technologies.
Kudelski Security Advisory CISOs Joe Bennett, former Hertz CISO, and Jason Hicks, former Ares Management CISO, along with Digital Security CISO-as-a-Service, Youssef Mahraoui, will share key report findings and answer questions on the different career pathways to becoming a CISO during two Kudelski Security webinars on May 14 and May 28. For more details and to register for the events, visit kudelskisecurity.com/path-to-ciso-US and kudelskisecurity.com/path-to-ciso-emea
About Kudelski Security
Kudelski Security (kudelskisecurity.com) is the premier advisor and cybersecurity innovator for today’s most security-conscious organizations. Our long-term approach to client partnerships enables us to continuously evaluate their security posture to recommend solutions that reduce business risk, maintain compliance and increase overall security effectiveness. With clients that include Fortune 500 enterprises and government organizations in Europe and across the United States, we address the most complex environments through an unparalleled set of solution capabilities including consulting, technology, managed security services and custom innovation.