Jeff,I’ve been following your company and your blog for many years. Thank you for the insights you so unselfishly share with those of us who work in one company at a time and are not able to see the big picture that you clearly see. My company is ready to hire a Chief Information Security Officer for the first time. I brought up your name and I was asked to gather information to back up my recommendation. What value do you bring to a search for a company’s first CISO?
My first security recruiting assignment came to my desk back in the mid-1990s and I’ve been building my knowledge, expertise and relationships in the security, risk management, compliance and privacy sectors ever since.
Over the years, I’ve been fortunate to earn the trust of many companies that were hiring a CISO for the first time. They all had an idea of what they needed in a CISO but the real set of expectations came to the table when I was introduced to key stakeholder decision makers.
My CISO Job Filing Track Record
Global Mining Company
For one of the world’s largest mining companies, I was recently asked to deliver a Chief Information Security Officer. This would be the company’s first CISO. This person would have a background in information security, enterprise risk management and some physical security.
One of the CIO’s direct reports championed my cause and convinced the CIO to give me a chance. In just a few weeks, I delivered my first CISO candidate. This person had a significant background in global chemical manufacturing that included an outsourced SAP environment and a global business footprint that looked a lot like my client’s footprint.
The questions I asked the CIO brought to the surface the CIO’s desire to see candidates who came from highly industrial companies. He was tired of seeing candidates coming from banking, insurance and healthcare. I’m not speculating on this information. This is what the CIO told me.