With 3.5 million cybersecurity job openings worldwide expected by 2021, the demand for talented security professionals is at an all-time high, spans all industries, and far outstrips the supply of security leaders. Such a lopsided talent market requires HCOs not only to choose the right candidate for their organization, but also to foster a supportive and security-focused environment in which their chosen CISO will want to stay for the long haul.
Read on to learn four key actions to ensure your organization finds—and keeps—a strong security leader.
1. Put the right CISO candidate in seat
A great CISO has a combination of traits rarely found in one person: He or she must be technically skilled, but also a strong leader with sharp business acumen—and a bit of a politician to get things done. A strong willingness to learn and adapt should underpin these core traits. Top candidates will seek to learn the needs and culture of the organization and craft security plans that fit those needs.
To find the right candidate, key senior executives—including the CEO, CIO, COO, CFO, and CMO—should participate in the interview process. These executives need to have confidence in the CISO, so they should play a role in the selection.
2. Be frank about what the candidate may be walking into
A September 2016 survey of security personnel revealed that the top contributing factors for CISO turnover included a lack of a serious cybersecurity culture (31%), a lack of active participation with executives (30%), and higher compensation offered elsewhere (27%). These factors signal a need for HCOs to be candid about the organization's environment throughout the interview and selection process so the CISO candidate fully understands what he or she may be walking into in order to limit thrash within the position.
Frequent turnover compromises stability. When a HCO isn't upfront about the organization's situation and goals, the organization can end up with a revolving door that leads to security lapses, inconsistencies, and increasing risk.
3. Support and empower the CISO
Whoever is chosen as the new information security leader must be given a real chance to succeed. Organizations with effective CISOs who stay for the long term approach security as a team sport and do not place blame or point fingers when something happens. The contributing factors to CISO turnover listed above indicate that senior leader and board engagement in cybersecurity affairs is critical to empowering your CISO. Historically, many information security leaders have been highly technical individuals unaccustomed to the type of business discussion that happens at the C-suite or Board level. Partnerships like an executive mentor program can illustrate organizational support for the CISO and their cybersecurity efforts as well as further hone the CISO's skills in effective boardroom conversation.
4. Explore unconventional options
What options remain if your organization still struggles to fill or retain a CISO? Viable non-traditional solutions do exist.
One option is to cultivate and train an internal senior leader with strong interest in field to fill the CISO role.
Additionally, several well-established security firms offer a virtual CISO option with which some Health Care IT Advisor members have expressed positive experiences. With this option, it's imperative to establish a collaboration approach, set clear service expectations from the start, and identify a main point of contact on the vendor side to build and leverage institutional knowledge.
While there's no end in sight when it comes to the difficulty of navigating the cybersecurity talent market, there are several ways HCOs can ensure they hire the right candidate for the organization and keep them in seat. Download and read our latest report Rising to Prominence in the New Security Landscape: Health Care's Chief Information Security Officer to learn about other top considerations for the CISO role.
Security and the C-suite
Join us on Thursday, Feb. 15 to get up to speed on the cybersecurity landscape and different opportunities to engage executive leadership in the issue.