A people-first approach to security is critical for success, but it seems challenging and sometimes daunting.
By Karl Sharman, Vice-President, BeecherMadden
Human error is the number one cause of breaches or incidents according to Willis Towers Watson (almost 2/3 of breaches). Some of these will be an error, but some will be rogue employees or ex-employees. Our research at BeecherMadden found that, in 2019, 86% of cyber professionals are open to moving organizations. Losing security staff creates a business risk, as do disgruntled or disengaged employees. So how can you mitigate this key security risk?
A people-first approach to security is critical for success, but it seems challenging and sometimes daunting, especially when considered against the two statistics above. A potential solution is for the CISO to appoint a Chief of Staff. The Chief of Staff can focus on the people issues, without needing to have the technical expertise often found in cybersecurity teams.
Among departing security staff, one of the most expensive to lose is the CISO. Industry research suggests that the average CISO tenure is only a maximum of 48 months, with many packing their bags even sooner according to CSO. Bringing in a solid Chief of Staff to remove some of the day-to-day grind could help CISOs focus on the higher-level parts of the job, maintain a more favorable work-life balance, and possibly extend the 18-24 months into more longevity and company loyalty.
This person can drive cyber awareness training, internal education, hiring and retention strategies, and bridge the gap across many business units in complex environments. Although this comes at a cost to the business, hiring and education can be far more detrimental to the bottom line, as well as damaging to market reputation. Furthermore, their exposure to the team will provide insight into areas for development or preventable issues around staffing, risk or costs to the business.
Salaries have grown significantly in the last year and there is more competition in the market to recruit talented individuals. Companies have to create the right environment, with a security-first approach, to appeal to candidates on the market. The Chief of Staff position will provide this in abundance. Retention is a serious issue; Cyber Security Ventures has repeatedly pointed to the lack of candidates compared to the number of open vacancies in the next few years. This means that companies need to take more responsibility for taking care of their staff in such a demanding and ruthless market.
Education for the security team is another aspect that companies are overlooking. It is important not only for the individual but also for the company itself. Continuous improvement is the only way to deal with the evolving threat, both internally and externally. Cyber awareness is an added benefit of this, especially across the wider units of the business, as many companies lack an understanding of security awareness among end-users, which can lead to more security vulnerabilities, according to (ISC)².
Finally, the Chief of Staff can be a spokesperson for cybersecurity within the business, internally and externally, to further drive the market reputation for candidates, customers, and clients. They will be different from a Human Resources or PR specialist as they will be specialized and knowledgeable on the market and have deep insights to share at conferences, meetings, and interviews.
The Chief of Staff is an important role within government, and many firms have turned to this model to better support staff for the long-term future of the company. However, cybersecurity needs this more than ever to compete and stand out in a competitive marketplace.
About the Author
Karl Sharman is a Cyber Security specialist recruiter and talent advisor leading the US operations for BeecherMadden. After graduating from university, he was a lead recruiter of talent for football clubs including Crystal Palace, AFC Wimbledon and Southampton FC. In his time, he produced and supported over £1 million worth of talent for football clubs before moving into Cyber Security in 2017. In the cybersecurity industry, Karl has become a contributor, writer and podcast host alongside his full-time recruitment focus. Karl can be reached online at firstname.lastname@example.org, on LinkedIn and at our company website http://www.beechermadden.com