Wednesday, August 03, 2016

Hey CISO...There's a Gap

While recruiting for a Chief Information Security Officer in Chicago the first half of my day today, I decided to do something I haven’t specifically done before.  

When I landed on a LinkedIn profile of a Chicago-based CISO, I decided to quickly scan the Summary section of their LinkedIn Profile to see what kind of message was waiting for me as the CISO's profile visitor.

Here’s a summary of what I found in the first line of many CISO summaries on LinkedIn.
  • “Senior level IT professional with expertise in Global Operations, Security, and Project Management” 
  • “In my career of over 25 years, I have designed, implemented and operated international infrastructures” 
  • “More than 20 years of IT experience with 14 years of IT management and leadership in a large IT department comprising of Networking, Telecommunications, Data Center, Data Security, Application Programming, Customer Support and Client/Server Hardware” 
  • “Recognized thought leader in the area of information Security” 
  • “My 18 years of work experience has touch upon a full range of information technology. I have the skills as an administrator and as a director for information technology” 
  • “A talented Information Security & Risk Executive, combining a thorough, results-oriented approach to complex business issues with an outstanding technical background” 
  •  “IT Security Strategy & Program| Governance & Compliance| Technology Risk Management” 
  • “Internationally experienced executive who has served in the senior-most information security and information risk management roles at a number of world's largest corporations” 

There's A Gap

While there is nothing wrong with anything written above, I see a significant gap.  

The gap exists between what companies are and have been asking me to deliver in a Chief Information Security Officer and the way Chief Information Security Officers are introducing themselves with the first impression they make on LinkedIn and on their resumes.

What Companies Want In A CISO

Companies are asking me to deliver security leaders who have strong business and risk acumen.

They want CISOs who can attract, mentor, develop and lead teams of people.  

They want CISOs who are collaborative, persuasive, visionary, strategic and able to execute.  

Every CISO profile I reviewed on LinkedIn talked about technical topics.  Yes, Cybersecurity is an extremely technical topic, but I didn’t run across a single LinkedIn profile that talked about Leadership.  

Nobody gave me the impression that attracting, mentoring, developing and leading teams of people was their expertise and passion. 

Nobody's LinkedIn summary convinced me that they're an expert in building relationships across lines of business.  

Nobody mentioned having developed advanced skills in collaboration, negotiation, persuasion or sometimes selling. 


The business wants, needs and expects security leaders to be business leaders who understand business, risk, people and technology.  

The role of a CISO is not just about technology, yet that’s the way CISOs generally introduce themselves on LinkedIn and on the resumes that come to me.

If CISOs want to be a legitimate part of the "C" suite in business, it's time to develop and execute a different thought process about the CISO role.  

What Can You Do Today?

On a personal level, a different personal branding, packaging and marketing strategy would significantly help most CISOs and future CISOs to package themselves in line with the CISO businesses want to hire right now and in the future.