From Security Weekly Wiki
- THE GREAT CEO WITHIN - If you’re looking for a primer on many of the responsibilities of being a startup CEO, read The Great CEO Within by Matt Mochary.
- CISOs who leave after 2 years may not finish what they start - The average tenure for a CISO is about 2.1 years, according to research from Korn Ferry. The information security industry has a 0% unemployment rate, and competition for talent is unrelenting — even in the C-suite. "Unless you sit in a role for an extended period of time, you don't know that the next transition is coming," said Dave Estlick, CISO of Chipotle.
- Most CISOs ready to move jobs if something better comes along - The shortage of skilled security pros is creating an active recruitment market, with over 80% of CISOs saying they would consider a new role if approached. The research analysed responses from 500 senior security practitioners and CISOs working at businesses with over 500 employees around the world. It found that only 7% of US CISOs were not actively looking or willing to consider a change of employment, compared to 11% in APAC and 16% in the UK and Ireland.
- How 4 CISOs handle stress on the job - Nearly 90% of CISOs say they are under moderate or high stress, according to a Nominet survey. Here’s how 4 CISOs handle stress:
  - Andy Kim, CISO at Allstate, approaches cybersecurity like an automobile assembly line. His team pulls in the metaphorical steering wheel, air bags, brakes and seat belts. "Security just happens because it is part of the product delivery, like air bags and brakes," he said.
  - A good CISO knows they "will never get risk to zero" and security is a distributed effort throughout an organization, says Greg Touhill, former US Federal CISO. "Never over-promise and under-deliver."
  - "It's important for any high stress role to be able to step away and take time off. Time off does not mean you are tethered to your phone every waking minute," said Jadee Hanson, CISO at Code42. "I am talking about real time off, where you can step away from work and recharge, gain perspective, and come back refreshed to tackle the countless problems that will always be there."
  - While public relations may be less forgiving, industry recognizes a CISO's performance is quantified beyond a singular event. "Developing a strong team, building relationships, growing trust with key stakeholders and the ability to align executive leadership is key to success", says Dave Estlick, CISO at Chipotle.
- Innovation requires radical choices - “Risk is where innovation occurs”, says Margaret Heffernan, author of Uncharted: How to map the future together. She says start with a “Blank canvas” and instil family values in the business.
- A New Framework for Executive Compensation - The Evolution to a New Standard in Long-Term Incentive Pay:
  - Stakeholder outcome-focused
  - Financial and nonfinancial goals
  - End-to-end cycles, using the same outcome measures for each cycle
  - Goals that improve: (1) at a set amount over prior cycle and (2) relative to peer performance