Skip to main content

Featured

What Motivates Young Cybercriminals?

In the world of cybercrimes, the majority of cybercriminals always seek financial gain, but this is not the primary motivation. Aside from the advanced sophistication of state-sponsored incidences, the young cybercriminal venturing into the dark side boils down to their ego. Adolescent criminals seek out recognition among their peers eager for a sense of success in an effort to prove themselves.

Many seek out popularity within internet hacking communities driven by a feeling of accomplishment they compromised a target. This provides them with a rush, a demeanor to develop their skills further becoming tragically involved with organized crime immersed in their addictive and dangerous sphere of influence.

Others find inadequate employment opportunities and thus are lured into the dark side to learn a skill as a matter of survival by participating in online hacking groups. They are easy prey for organized crime and state-sponsored groups to recruit indoctrinating them into …

Succession Planning: The Importance of a Deputy CISO


Given today’s unrelenting threat landscape, the chief information security officer (CISO) and his or her deputy CISO have arguably the toughest jobs on the organizational chart. Although it is a well-paid, respectable role, the CISO must be available to many different departments and remain savvy in all areas of cybersecurity due to the current IT skills shortage. Indeed, this professional’s role is extremely stressful and demands standards of security that are nearly impossible to deliver with 100 percent assurance.

The average security leader’s tenure is a mere two years. The CISO can be dismissed for a wide variety of reasons, such as an overlooked vulnerability, an insider attack or another type of data compromise. Furthermore, like any professional, a security leader may need to take temporary leave due to medical reasons or other unforeseen circumstances. To prepare for these events, organizations should appoint a deputy CISO and establish a clear succession plan to maintain smooth operations during a transition in security leadership.

Grooming the Deputy CISO

There is no question that high turnover rates constitute grave threats to organizations. Without a security leader, companies cannot withstand the continuous onslaught of cyber attacks. In many organizations, the CISO’s main role is to keep the company out of hot water — and that means dealing with the constant barrage of threats and maintaining compliance. However, the role is much more ambiguous than that. Candidates for the deputy CISO position should be evaluated based on their ability to navigate this complexity and juggle the CISO’s many responsibilities.
A deputy CISO must be able to:

  • Develop and cross-train future leaders in the department.
  • Ascertain the costs of developing future leaders.
  • Execute the security strategy consistently among all associates in the department.
  • Identify associates’ skills, capitalize on their strengths and improve upon weaknesses.


Planning a CISO Succession Strategy

An effective CISO succession plan should include four key elements to ensure a seamless transfer of authority.

1. Stakeholder Engagement

The succession plan should be presented to executives and board members on an annual basis. It’s critical to engage senior leadership in this process and to empower the deputy CISO to develop the necessary skills and experience he or she need to be successful. This succession plan must be a living document and part of the overall security program.

2. Evaluation of Internal Staff

Favoritism should never be a criterion, so it is wise to hire an outside firm to evaluate deputy CISO candidates within your department. A third-party assessment could unearth a diamond in the rough from several layers down on your organizational chart. At the very least, it would help executives gauge the depth of the company’s talent pool.

3. Simulations and Stress Tests

Like any disaster recovery strategy, business continuity testing is an integral part of a CISO succession plan. A security leader’s planned vacation, for example, can be a great opportunity to test the deputy CISO’s capabilities. However, impromptu, unannounced drills are also essential to develop an aspiring CISO’s ability to work under pressure.

4. Elevate the Deputy CISO

It takes many years to become a well-rounded security leader, and the incoming CISO must never be left to sink or swim. Instead, all senior executives and staff members should support the new CISO as he or she transitions into the role. The organization should also make other leaders, mentors, and coaches available to help the security team adjust. A rich feedback environment is crucial to develop the executive presence that is lacking in many candidates.

Passing the Baton

A deputy CISO must be prepared to take over when the CISO passes the baton. He or she should also be comfortable being held accountable for security. The leader must be ready, capable and confident to lead the security team in dealing with challenges such as the cybersecurity skills gap and the increasing sophistication of threats. More importantly, this individual must possess the executive presence required to work with senior executives and facilitate a smooth transition of authority in the security space.