The situation the new CISO finds on arrival is often different to what they were expecting, but who’s to blame?
The CISO role has never been more important. The firms that fail at appointing a new CISO are those which rush and push an inexperienced techie in a poorly defined role. Positioning the role accurately in relation to the firm’s objectives around security, thinking it as a senior leadership role, and taking the time to find the right leader are the keys to long-term success.
The role of the CISO in its historical technology-driven perception is not outdated yet, but it is under threat and losing ground. The firms looking to reverse this trend need to act at three levels
Surveys suggest that the average tenure in a CISO position is around 2 years. Nothing will change until the profile of the CISO is raised and they start to see their role over the mid to long-term
The GDPR is not just about Security, but it has been dominating the life of many CISOs since last year. What does that mean in practice for the CISO? and why would a CISO be worried?
There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at, and what can be expected and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position? and those which can be ignored?