CISO/vCISO Recruitment
What are enterprises seeking in their next CISO – a technologist, a business leader or both? Joyce Brocaglia of Alta Associates shares insights on the key qualities
What kinds of CISOs are being replaced? Brocaglia says that an inability to scale and a tactical rather than strategic orientation toward their role are two reasons companies are looking to replace the leaders of their security teams—or place them underneath a more senior cybersecurity executive. They are looking for professionals with broad leadership skills rather than a “one-trick pony.”
Today’s organizations want the CISO to be intimately involved as a strategic partner in digital transformation initiatives being undertaken. This means that their technical expertise must be broader than just cybersecurity, and they must have an understanding of how technology impacts the business—for the better and for the worse. And candidates must be able to explain the company’s security posture to the board and C-suite in language they understand—and make recommendations that reflect an understanding of strategic risk management.
CISOs who came up through the cybersecurity ranks are sometimes at a disadvantage as the CISO role becomes more prominent—and critical to the business. Professionals in this position will do well to broaden their leadership skills and credentials, sooner rather than later.
Source: CISO Recruitment: What Are the Hot Skills?
Interview with Joyce Brocaglia, CEO, Alta Associates
The Benefits of a vCISO
httpv://www.youtube.com/watch?v=jQsG-65wxyU
Want know more about vCISO as a Service…
Subscribe to DISC InfoSec blog by Email
, ever-increasing regulations, and the potential effect of brand damage on profits has made 
a mainstream board-level issue. It has never been more important for 
and processes to be in line with business
feel they are being heard, business leaders admit they aren’t listening.
with business priorities will be much easier.
are the common factor understood by both sides and could be used as the primary driver in this alignment. The reality, however, is this isn’t always happening
s to better understand the use of metrics to communicate with business leaders: why metrics are necessary; how they can be improved; what are the problems; and what is the prize?
/
, 
s, Proxies, or any other solution you have actually do. They only care about the level of risk in the company.”
impact specific 
.
that business leaders understand. This can be used to start the process for each side to learn more about the other. Business will begin to see how security reduces risk, and will begin to specify other areas that need more specific protection.
and information stored, processed, or transmitted by the organization. These departments and these leaders tend to provide metrics that focus on their tactical duties rather than business drivers that concern the board/C-suite.”
. Logins, blocked traffic, transaction counts, etc… but most do not map back to business objectives or are explained in a format business leaders can understand or care about. Good metrics need to be tied to dollars, business efficiency shown through time improvements, and able to show trending patterns of security effectiveness as it relates to the business. That’s the real challenge.”
and president-elect of ISSA. “That is a mistake, because security is our job. We need to better understand the business, so that we can articulate the impact of not applying 
. The key to this whole approach is for the CISO to understand the business, and to understand the mission and goals of the business.”
