Information Security Talent is Difficult to Recruit
A CISO reached out to me today based on a referral from one of his trusted peers to me. At the outset of the call, the CISO of this Fortune 200 company told me that for the past 6 to 8 months, in attempting to fill information security jobs in his organization, his internal recruiting team has made the assumption that security recruiting can be done the same way they approach the task of recruiting a Java Developer or an Oracle DBA.
- Knowing the questions that need to be asked at the outset of a CISO search requires a unique skill set.
- Knowing how to align stakeholder decision makers expectations around a CISO hire requires a unique skill set.
- Understanding how to write a CISO job description that accurately captures the needs of a company and displays what’s in it for the candidate information requires a unique skill set.
- Understanding how to build an interview process to evaluate a prospective CISO's fit with a company's business culture and a company's unique risk culture requires a unique skill set.