Cyber Security
Wanted: Effective CISOs who (happily) stay longer Most security leaders change organisations every few years. The reality is that people leave jobs for many reasons. Here’s why this often becomes a problem for enterprises, the CISO or both. By Dan Lohrmann
F
or Chief Information Security Officers (CISOs) and other security leaders, the grass often looks greener on the other side of the fence. But is it really? No doubt, new professional opportunities are plentiful within the cybersecurity industry for those with the right skills and experience. Is switching organisations (when the going gets tough or the price is right) always the best road to take? Career decisions can be difficult to make and usually include a complex mix of working relationships, team chemistry, total remuneration packages and the whole work/ life balance. Meanwhile, both the public and private sectors have grown accustomed to a revolving door regarding security leadership. Some executives write this problem off as an inability to offer the right pay packages to keep top talent. Other times, security leaders get forcibly removed as the “fall person” after an embarrassing data breach or a major cyber incident or a wider management shake-up. The reality is that people leave jobs for many reasons. Nevertheless, why do security leaders tend to switch jobs more often than most other professionals? This article from
22 | Australian Cyber Security Magazine
CSO Magazine lists the top reasons that CISOs leave. This techrepublic.com article from last year lists the top reasons that 60 percent of IT security pros want to leave their jobs right now. “The main reasons cited by the IT pros who wanted to leave were job dissatisfaction and the lack of growth opportunities within their companies. Other top reasons for employees looking to quit, include unhealthy work environments (53%), absence of IT security prioritisation from executives or upper management (46%), unclear job expectations (37%) and lack of mentorship (30%).” Digging deeper, could constant changes in security leadership be a major contributing factor in the surge in expensive cyber incidents? Could security staff turnover lead to more global data breaches? Is switching companies every few years helping to stop cybercrime or making things worse? While every situation is different, CISOs seem to be swapping roles faster than a professional football player. Taken as a whole, this fact seems to point to cyber concerns worth considering by all of us — before it gets personal.