CISO Expectations Are Becoming Impossible To Achieve

The following is a fictional job posting. Any resemblance to an actual public or private sector job posting for a CISO is purely coincidental. 

Wanted: An experienced, industry-leading Chief Information Security Officer (CISO) at well below what the market is paying when considering both wages and benefits.

This hacker guru, who excels at stopping nation-states and organized criminals from penetrating (very) vulnerable mission-critical networks, will lead a team of security staff who struggle in the fight against global adversaries and cyber war. Note: Filling existing team vacancies will be an immediate priority, but keep in mind that our budgets are tight, so hiring freezes will likely be imposed soon after you're hired.

This recognized expert in executive leadership, project management, team building, relationship management and budgeting will have a minimum of ten years of professional experience (twenty or even thirty years preferred) managing complex security operations centers and recovering from global cyberattacks that have devastated international business operations. (See recent ransomware attack examples for more specific details of the challenges we are facing.)

This exceptional individual should be able to mentor staff, build award-winning strategic and tactical plans, understand the complexities involved in the global banking system, stop cybercrime, and speak effectively in front of large (internal and external) audiences in funny, compelling, thought-leading ways. Note: Obtaining executive buy-in and speaking to media contacts, lawyers, accountants, college interns and the local PTA is a must. Expect plenty of after-hours meetings and numerous formal or informal dinners (and lunches and breakfasts too). And no, your spouse, family members or significant other are not invited.

The CISO will develop and corporate policies such as: information security, privacy, urban data management and whatever other policies we need. These policies will be based on best practices globally and an understanding (Read more…)

*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: