Friday, March 01, 2013

Do Women Take as Many Risks as Men? - Doug Sundheim - Harvard Business Review

Do Women Take as Many Risks as Men? - Doug Sundheim - Harvard Business Review:

'via Blog this'

This article came to my attention yesterday by way of the Harvard Business Review.  The article and the research behind it was highly intriguing to me as it relates directly to the security profession.  In fact, I was so intrigued that I reached out to the article's author directly and bought his book, Taking Smart Risks.  

No, I don't get a commission if you buy Doug's book.  I bought it because I have a gut feeling that Doug has done some deep research in an area that I've been thinking through in my own mind for several years.  I simply haven't done enough research to write a book on the topic that Doug already tackled. 

I've been developing an argument with the help of an HR Director friend of mine.  I have worked with many companies that set out to hire their first CISO or their first CSO and they brought me into their search process after they had failed to fill their open positions for 6 to 18 months.

I've been fortunate to solve these open position problems every time they've been put in front of me.  It is a matter of me asking questions that nobody else has ever asked in order to get the right information on the table.  From there, I can write an accurate job description and I can set up an accurate interview process.  What my clients probably don't recognize is that underneath all of the obvious work to create alignment, I'm also measuring a prospective candidate's fit from a risk appetite perspective.  

I'm convinced that most companies that set out to hire a CISO or a CSO don't know how to hire such a person.  They don't know how to set proper expectations for such a hire.  They don't know how to write a job description that clearly aligns with the job they have to fill.  They then don't know how to properly evaluate CISO and CSO candidates in an interview process to determine who actually fits the job.  Let me know if you've had a different experience.

You'll have to come back another day to learn more about this theory I'm developing around the proper ways to hire a CISO or CSO.  I won't build my theory around Doug's book but I have no doubt that I'll learn something that will apply to the thoughts I've already generated around this topic.

Jeff Snyder's SecurityRecruiter.com Security Recruiter Blog 719.686.8810

SecurityRecruiter.com's Security Recruiter Blog