
Have You Considered an Interim CISO?



Ian Harragan

Director at i-confidential




 

The challenges facing an organisation’s Chief Information Security Officer (CISO) are ever more daunting. Worse still, the skills required to meet these challenges are extensive, in short supply and, for many organisations, out of their budgetary reach.


One option worth considering is to use an external specialist who can step in to fulfil the CISO role on a temporary basis. This can bring major advantages:


  • Flexibility – Support can be scaled up and down. Some organisations do not require a full-time appointment, so using an external specialist part time can wholly meet their needs. Conversely, they can also react in the face of fast-moving requirements.

  • Immediacy – An external specialist can get started quickly with the cover and support required, whatever the reason. For example, a permanent candidate may have been selected but cannot start for a period of time.



What Makes the CISO Role Challenging?

There is a diverse set of skills and experience required in order to excel, including the following:


  • Technical Expertise – Understanding information security and its practices in depth, including technical solutions.

  • Risk Management – Understanding cyber risks in order to effectively identify, prioritise, and mitigate them.

  • Business Acumen – Aligning cyber security to organisational goals and communicating technical risks in non-technical business terms to a wide audience.

  • Leadership and Management – As the significance of cyber security grows, so do the teams providing it. CISOs set the agenda and priorities, as well as directing and motivating a potentially large and diverse group of people.

  • Incident Response – Being ready to act requires a robust plan, as well as the skill to manage effectively under pressure to ensure incident containment and recovery.

  • Regulatory Knowledge – Maintaining awareness of changes to rules and guidelines that affect a specific industry to ensure security practices remain compliant.


In addition, the requirements above exist within a constantly evolving threat landscape. This requires a CISO’s ongoing commitment to learning and development to ensure success.


Given the importance of the CISO role and the growing level of demand for it, there is a persistent shortage of high-calibre individuals to fill any vacancies. This creates intense market competition, with the lure of lucrative contracts elsewhere never far away.


Many organisations are left struggling, which has led to greater demand for external specialists to step in and provisionally fulfil the CISO role.



How an Interim CISO Can Help

It is important to consider what else an interim CISO can ‘bring to the party’ in addition to the points above:


  • Wisdom – A wealth of experience and know-how, often gained in multiple organisations and industries.

  • Connections – A strong network of contacts that can provide both industry intelligence and professional resources to help address any challenges.

  • Independence – Someone not vested in internal politics. This allows them to have a level of objectivity that can help ensure weaknesses are identified and addressed.

  • Perspective – An external hire will often identify innovative approaches and in the process challenge established practices.


i-confidential provides interim CISO and other security leadership resources to a number of clients. They bring the added benefit of being supported by a dedicated cyber security consultancy and resourcing practice that can ensure organisations achieve their goals.


If you are interested in finding out more, please reach out for a conversation.
