This is the 1st piece of a 2-part series. The 2nd part can be found here: How to Hire a CISO: Process, Challenges, and Takeaways
Michael Piacente is a Co-Founder and Managing Partner of Hitch Partners, a retained executive search firm that partners with technology companies and enterprises on mission-critical leadership roles focused on security (CSO, DevSecOps, InfoSec, and Compliance).
Hitch Partners prides itself on advising clients on the trends and challenges they will face during the course of a search engagement, so we decided to have Michael share his expertise on the current trends for the CISO role and on when, why, and how your scaling company should consider hiring a CISO.
The CISO role has become one of the most challenging executive roles for companies to define.
The CISO market landscape has been changing at a rapid pace for the past few years and we see signs that it will continue to evolve over the next half-decade. As a result, there are a number of interesting and important trends that we are seeing in the space.
The CISO role is becoming one of the most critical influencer roles in a company today.
Given the span and level of consequence that a CISO is responsible for, it is paramount for businesses to recognize a leader who can ensure the company is meeting its security, compliance, and privacy goals and requirements.
The CISO community has quickly transitioned from a predominantly IT-centered technical leadership role to one that is now centered around business influence. Many CISOs are still learning how to accomplish this business influence.
In mapping out the security leader domain, we observed that many security “leaders” are relatively new at building and leading effective, significant-sized security teams, making the position one of an influencer. These leaders are learning how to manage and align their teams with the influencers in the organization.
It is important that security leaders demonstrate the ability to forge relationships with key colleagues such as Head of Engineering, Head of Product, Head of Sales, GC, CMO, CFO, and CEO. This switch in mindset has become one of the stronger trends we see in the space.
CISOs are becoming increasingly influential over product direction, architecture, and overall business decisions.
In general, today’s CISO has a heavier emphasis on product and this trend is continuing.
CISOs are being asked to take on a greater responsibility around sales enablement, including more frequent customer interaction and a greater emphasis on driving and automating security awareness within the sales process.
In some cases, CISOs are spending more time with customers to help position (and architect) the company’s software products for better sales productivity.
In general, we are seeing a spiking trend of CISOs taking a significantly more active role in the sales enablement process, to the point where this has become one of the key priorities in a CISO search decision.
Modern CISO leaders are being asked to present to the Board on a more frequent basis.
As a result, this requires a new skill set around executive and board-level communication. The majority of CISOs up to this point have not been regularly exposed to and/or mentored in this skill set.
The demand for this executive-level communication presence has been so strong that we created a separate business unit focused on managing incoming needs around CISO communication and advisory work.
How can a CISO help an organization, even if there is already a CTO-type leadership position in place?
The presence of a CTO-type leader only emphasizes the need for a CISO. The CTO’s journey is often about developing, building, or evangelizing a product and engineering culture, but it is rarely about developing a security-minded culture.
A strong CISO will recognize how to partner with the executives, technical leadership, and governance leaders to drive a security brand for the company. Establishing a security-minded culture from compliance to product development, to IT systems, data rules, and all the way through to internal user hygiene is critical to a fast-growing company. The CISO is responsible for changing that mindset through the development of a robust security program that includes continuous security awareness and training.
In addition to the CISO’s role of protecting the company’s data assets and privacy posture, there is a growing trend of CISOs directly influencing companies to drive sales through their efforts around compliance and product enablement.
Non-technical CISO leadership skills are necessary, and a need for development in this aspect is critical since the role has grown into an influencer on product, sales, culture, internal/external and Board relationships.
Now that the stage has been set with the current trends for the CISO role, in the second part of the series Michael Piacente will dive into the process and challenges of hiring a CISO.