5 qualifications to look for in every cybersecurity executive
If the past is any indication of the future, cyberattacks show no signs of slowing down. In 2014, cybercriminals illegally accessed more than one billion personal records – including home and email addresses, medical information and Social Security numbers. That marked a 54 percent increase from the previous year. From T-Mobile to Ashley Madison, a series of high-profile data breaches in 2015 affected nearly every American consumer.
In an effort to protect sensitive consumer data from increasingly sophisticated hackers, businesses and federal agencies have taken new steps to prioritize cybersecurity in the C-suite. Just weeks into the start of 2016, Morgan Stanley named Naureen Hassan the company’s first chief digital officer (CDO) for wealth management. Tasked with leading the strategy and marketing of digital tools and platforms used by the firm’s 16,000 financial advisors and 3.5 million clients, Hassan also faces the challenge of stopping cybercriminals without complicating the digital user experience.
Morgan Stanley isn’t the only one, however, investing in cybersecurity. The White House recently proposed a $3.1 billion Information Technology Fund, which will enable the modernization of legacy IT systems in addition to the creation of a Federal Chief Information Security Officer (CISO) position. By establishing the direction of U.S. cybersecurity policy and strategy, the new position will go a long way toward improving the nation’s ability to combat cybercriminals.
The advent of CDO, CISO, CSO and CMT positions means cybersecurity technologies are expected to keep sensitive information under wraps while also delivering a superior user experience. With direct input in cybersecurity purchasing decisions, CDO, CISO, CSO and CMT candidates are responsible for striking a balance between the two. Doing so, however, is far from easy.
Kohl’s Corporation CDO Krista Berry was recently fired after failing to drive sales during the company’s transition to new digital business models. A weak holiday season led to a 19 percent decrease in the department store’s stock in addition to lower profit forecasts. Not only did Kohl’s struggle to accommodate shifting consumer shopping habits during Berry’s tenure, but a security breach of the “Kohl’s Cash” loyalty program also left a number of customers without their rewards.
The cybersecurity industry is changing. It’s no longer acceptable for IT experts to focus solely on securing sensitive information. With a stronger foothold in the C-suite, cybersecurity executives now have the opportunity to impact both major and day-to-day business decisions. The right candidate will embody these five qualifications.
Hire a candidate who can recruit a talented support staff of data analysts and information security consultants while also demonstrating how the data they examine can be used to better secure personal consumer information.
In many cases, companies fail to maximize the value of consumer behavior, market trends and technological developments both inside and outside of their industry. By equipping employees with the skills and tools needed to harvest and process key data points, cybersecurity executives can begin to apply that knowledge to business decisions and opportunities.
The management experience needed to establish a culture of data also applies to IT budgets. Experience allocating resources to the most important initiatives will help short-handed cybersecurity executives continue to make an impact on an organization’s bottom line.
While the recent rise of cyberattacks has generated awareness regarding the importance of cybersecurity, many still question its impact on a businesses’ bottom line. Search for a CDO, CISO, CSO or CMT candidate who understands how an effective cybersecurity strategy will help a business achieve its fiscal objectives.
By transforming data analytics into actionable insights, businesses can both improve the user experience and prevent costly data breaches. A candidate’s responsibilities, however, don’t just end with recognizing the connection between cybersecurity and financial well-being. The importance of that relationship must also be communicated to key decision makers within a company.
Only a candidate who relies on data and logic will be able to justify the necessary investments in cybersecurity. Some executives with limited technical knowledge may be tempted to allocate cybersecurity resources toward a department that he or she believes brings greater value to the organization. Select the candidate who will convince them otherwise.
While a master’s degree in information security is certainly a plus, it doesn’t guarantee that a candidate is right for your organization. Plenty of individuals with backgrounds in psychology, engineering and law have enjoyed long-term success in the role of CISO. Mike Kalac – CISO for Western Union, for example – earned an electrical engineering degree from Texas A&M before taking over the company’s internal network management.
Keep an open mind during your search in order to avoid missing out on a candidate who can have a positive impact on your organization.
Certifications are yet another way hiring managers can spot technically capable candidates. Nearly 90 percent of CISOs, CSOs and information security directors feel certifications have helped advance their career.
Sheryl Harkleroad – an information security official at a large healthcare provider – attributes much of her professional success to the Certified Information Systems Security Professional (CISSP) credential. Not only was the CISSP required for her current job, but it also helped Harkleroad secure a 25 percent pay raise.
An Eye for Innovation
With insight into every cybersecurity initiative, CDO, CISO, CSO and CMT candidates are best positioned to identify cost-saving innovations and estimate their impact on existing business processes.
Hire a candidate who has proven his or her ability to integrate cybersecurity technologies that yield a higher ROI on business. A keen eye for such revenue-generating opportunities will set up your business for success further down the road.
A Global Perspective
Distance hardly deters cybercriminals. As a result, cybersecurity executives should be mindful of the security challenges facing businesses in every country. From guarding against complex phishing attacks to maintaining the privacy of personally identifiable information (PII) shared between Internet-connected devices, businesses share similar concerns regarding cybersecurity.
Hackers capable of compromising security networks in one location can easily use those methods to do the same elsewhere. This type of global perspective will ensure your business is prepared to combat a much wider range of cyberattacks.
Slowly but surely, Fortune 500 companies and federal agencies have made room for cybersecurity in the C-suite. The steady rise of data breaches over the past few years has gained the attention of organizations eager to secure sensitive consumer information.
While the emergence of CDOs and CMTs, and the advancement of CISOs and CSOs, are promising, hiring managers should still be wary of who they peg to fill such positions. The five qualifications listed above will point them in the right direction.
In case you missed it:
The Future is Now: Virtual Reality Creates New Branding Opportunities
The Top 30 CEOs In The World: Best Performing CEOs 2016 List
Smartphones: How we Use? [Infographic]
The top 20 business schools in the U.S. for 2017
Climbing the Experience Mountain as a “Young” CEO
By Reed Taussig, CEO of ThreatMetrix Inc.