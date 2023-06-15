A world-class CISO is a business enabler who finds creative ways for the business to take on innovative processes that provide a competitive advantage but in a secure manner, advises the firm in a new blueprint.

TORONTO, June 15, 2023 /PRNewswire/ - With cybersecurity incidents continuing to rise, organizations are working to optimize their security plans and move from a tactical position to a more strategic one. However, business leaders often find hiring or developing a chief information security officer (CISO) or a senior security leader to lead this initiative challenging. Conversely, security practitioners are looking to upgrade their skill set and find it equally challenging to determine an appropriate starting point for their development. To help organizations create a plan to develop the security leaders of tomorrow, global IT research and advisory firm Info-Tech Research Group has published its new blueprint, Hire or Develop a World-Class CISO.

"The days are gone when the security leader can stay at a desk and watch the perimeter. The rapidly increasing sophistication of technology and attackers has changed the landscape so that a successful information security program must be elastic, nimble, and tailored to the organization's specific needs.," says Cameron Smith, research advisory lead at Info-Tech Research Group. "A CISO is tasked with leading this modern security program, and this individual must truly be a Chief Officer, with a finger on the pulses of the business and security processes simultaneously. The modern, strategic CISO must be a master of all trades."

The newly published blueprint, which is the firm's proprietary step-by-step methodology for helping users complete their technology or organizational initiatives, explains that it can be difficult for organizations to find the right CISO and that the smaller the organization, the less likely it will have a CISO or equivalent position. Furthermore, due to the shortage of skilled candidates, qualified CISOs can often demand high salaries, making it easier for larger companies to attract top talent as they have more resources available, but leaves many positions unfilled elsewhere. Due to these challenges, organizations may find it easier to develop an internal CISO candidate than trying to hire an external one.

Info-Tech's research identifies the three key areas in which a world-class CISO excels. These three overarching areas enable a security culture that is aligned with the business and can make security more nimble to maintain business processes:

Align: Aligning security enablement with business requirements.

Enable: Enabling a culture of risk management.

Manage: Managing talent and change.

The firm's blueprint also outlines a four-phase methodology for organizations to follow when developing or hiring a world-class CISO. This methodology includes the following phases:

Understand Organizations Needs: Understand core competencies and identify the desired qualities in a security leader specific to the current organizational needs. Assess Candidates: Assess the core competencies of internal or external CISO candidates and determine which stakeholder relationships must be cultivated. Plan Improvements: Identify resources to close the CISO's competency gaps and plan an approach to improve stakeholder relationships. Execute Development: Decide the next actions and support the CISO moving forward. Regularly reassess to measure development and progress.

Info-Tech advises that by having a qualified CISO or security leader, organizations can see increased alignment between security and business objectives, as well as a reduction in wasted efforts and resources.

To learn more about managing cyber insurance policies and organizational risk, download the full Hire or Develop a World-Class CISO blueprint.

