
The CISO Search: Finding the Right Person for the Hardest Job in Tech

  • Posted on: February 18, 2015
  • Posted in: Security
  • Posted by: JD Sherry (VP, Technology and Solutions)

The role of the chief information security officer has come a long way since the early days of the cybersecurity industry. As the value of sensitive data has grown – to organizations and cybercriminals alike – so has the position of CISO, in a way barely even imagined a decade ago. Firms like Target, JPMorgan and Sony have all found out to their cost what can happen when there’s no strong leadership in security and risk management.

Yet, given the continued skills shortage in the industry, the problem for firms is finding the right person to fit the job. To give you a little helping hand, Trend Micro has come up with a short checklist of key attributes all organizations should be looking for in their first, or next, CISO.

Back in time

We’ve certainly come a long way. Back in the early days of the industry, so-called information security officers mainly dealt with hands-on tactical issues like tweaking firewalls, regulating access controls and applying AV. It certainly was not a boardroom position and frequently didn’t even report into the CIO, with little opportunity to effect any organizational change.

Today, things have transformed almost beyond comprehension. With organizations’ data at risk from a highly motivated, well-resourced and disparate set of agile cyber adversaries, the stakes have been raised to the max. Breaches cost millions of dollars on average in clean-up, fines and potential lost revenue. Leaked IP and other sensitive data could also cost a firm dearly in lost competitive advantage.

In short, the CISO now frequently has the ear of the CEO as a vital member of the organization, spanning IT, business continuity, legal, facilities and compliance – to name but a few. It’s a highly strategic role which has the power to set the tone and vision for information security investments and roadmaps.

Where are they?

The only problem is that CISOs are in high demand today. With skills shortages continuing to plague the industry, employers are finding it tough to lure the right talent with that much-needed blend of technical ability and business sense.

If you have been breached or fear a major compromise like Sony or Target, hiring a CISO is not a silver bullet. The person who fills that role will only be successful if they are given enough budget and resources, and if the organizational culture is relatively sympathetic to their strategic aims.

Key skills checklist

That said, there are several things to look for in prospective candidates that could help to narrow the shortlist down. Your CISO must be able to:

  • Understand the business
  • Possess key business skills including risk management and governance
  • Communicate with the board in a language they understand
  • Understand contracts and their security implications, e.g., with cloud service providers, outsourcers, etc. They need to find security issues during the negotiation process and point them out to key stakeholders such as the legal department
  • Identify new and emerging threats and the technologies to deal with them, like Trend Micro’s APT-hunter tool Deep Discovery, Deep Security and the Smart Protection Suites
  • Show leadership – be proactive in planning information security projects and have a clear vision for the department

 
