EXECUTIVE SUMMARY:

The search for a well-qualified CISO: 

In 2018, the average cyber breach cost companies $3.86 million, with large-scale breaches topping the $300 million mark.

Organizations can avoid financially precipitous cybersecurity situations by implementing policies, governance and infrastructure designed to safeguard systems. However, the element tying these disparate approaches together is the CISO him/herself.

So much is at risk. In the absence of at least one technically skilled employee, deploying adequate prevention and detection measures appears to be an insurmountable challenge.

Yet, finding and retaining a talented CISO can also be a difficult prospect. According to one survey, nearly 50% of cybersecurity professionals receive job recruitment advertisements on a weekly basis, but few are in the market for a new position.

Organizations can maximize their chances of landing a well-qualified CISO by testing out the following tried-and-true tactics:

  • Hire a retained search provider. This individual will be 100% committed to finding your organization the talent that you need. “A good retained search provider will act as a consultant, help you scope out the position, explore business goals, and set the search strategy,” writes Forbes. The majority of retained search firms typically charge 20-30% of the open position’s annual compensation package.
  • If hiring a retained search provider sounds infeasible, consider a contingency search provider. While a contingency search provider is not solely dedicated to your organization’s search, he or she can serve as extra support for an HR team, and can help get the role filled more quickly than it otherwise would be. The fee structure for contingency search providers mirrors that of retained search providers.
  • Ensure that the language in your job description is consistent and clear. According to Indeed.com, one reason why organizations often fail to recruit in a timely manner is that groups “…use confusing and inconsistent language across similar roles,” and that many ads specify that the applicant have certain academic qualifications. In reality, many extremely well-qualified applicants for tech positions lack extensive formal education, instead learning skills on the job or through unconventional means.
  • Your talent might be hiding in the next room. Another means of filling cybersecurity roles is to expand the pipeline. Consider recruiting some of your current IT staff to learn the right skills. Sponsor professional development opportunities that shape them into cybersecurity gurus. Your own staff, who know the company, and who could work in a cross-disciplinary fashion, might be your best choice.

For more information on securing top talent, please visit Forbes.