The market for top cybersecurity talent will remain competitive in the years ahead, as this first-line network defense is prioritized and buttressed for the rigors of tomorrow. Gartner estimates that nearly two million security positions will remain vacant through 2022. To provide organizations with insights to identify, recruit, and train premium cybersecurity professionals, Kudelski Security released a report titled “Cyber Business Executive Research: Building the Future of Security Leadership.”
The report was created in partnership with the firm’s Client Advisory Council and utilizes information gleaned from surveys and interviews with more than 100 American and European CISOs.
Key findings: The importance of CISO soft skills
On the security leader side, the report highlights the need for soft skills such as strong communication and team-building capabilities alongside technical know-how. Interestingly enough, 82% of CISOs interviewed believed these communication skills to be critical. This compares with about half (52%) of individuals who believed hands-on technology experience to be critical.
Interpersonal talents will provide the CISO with the communication skills required to aptly manage emergent organizational models featuring increased telecommuting in the years ahead. Specifically, the report notes that ideal CISOs will have a 50/50 balance of technical knowledge and this increasingly prioritized soft skill set, a combination of talents that is currently rather rare among these professionals.
Insights for security leaders and executive recruiters
Overall, the report details the principal difficulties surrounding hiring and retaining well-equipped security leaders. To assist, the report also provides insights to aspiring security leaders and executive recruiters, ranging from brand building and advice for building a network of future talent to protocols for handling the often lengthy CISO recruiting process.
Kudelski Security details protocols for talent acquisition to ensure long-term company health, especially in the event of CISO vacancies in-house. The respondent CISOs recommend that executive recruiters look across industries to find premium candidates, especially if their specific industry is known to be lagging in modern cybersecurity measures.
Approximately half of American CISOs and more than 90% of European respondents reported that the average recruiting time to bring in a new CISO is between six months and a year. As a result of these lengthy vacancy periods, it’s recommended that executive recruiters utilize an interim virtual CISO during the search for the ideal candidate.
It’s also recommended that companies start to consider “nurturing a talent pipeline” of candidates in the military, universities, and technical schools. Similarly, the report also reiterates the importance of identifying current employees with industry knowledge, the aforementioned soft skills, and “some ambition for career growth” as these individuals can eventually helm leading security positions with adequate training and mentorship.
For those security leaders with CISO aspirations, it’s suggested that these individuals begin to build key relationships in their industry and use social media platforms to increase their visibility and build their brand. Nearly one-third (29%) of those interviewed believed that risk management and compliance as well as governance positions are the “best pre-CISO” roles for aspiring security leaders.