Hiring a security chief? Avoid these 4 mistakes

As data security remains top-of-mind for healthcare organizations, many are looking to invest in chief security talent.

In a contributed piece to the Wall Street Journal, Matt Aiello and Phil Schneidermeyer, co-leads of the cybersecurity practice at executive search firm Heidrick & Struggles, outline four mistakes to avoid when hiring a CISO.

1. Don't think too tactically. Historically, CISOs were mainly concerned with cyber defenses and the technology-based portions of the job. Now, however, CISOs have to be able to understand and communicate risks across the enterprise. Business acumen is just as important now as the technological know-how, the authors write.

2. Don't mismanage the reporting structure. "To whom CISOs report and what access and influence they have are as important as their qualifications and experience," according to Mr. Aiello and Mr. Schneidermeyer. CISOs should have the respect of C-suite executives and the board. However, to whom CISOs report is not entirely cut and dried, and CISOs reporting to CIOs may face conflicts of interest when, for example, a CISO finds a system's network is the root of cybersecurity issues.

3. Don't overemphasize technical qualifications. Technological expertise should be balanced with culture fit. CISOs need to be effective at communicating with and encouraging colleagues, as well as at speaking business language with the board. The authors cite a 2015 PricewaterhouseCoopers study finding that 28 percent of security leaders don't make presentations to the board, while forward-looking companies encourage interaction between security chiefs and the board.

4. Don't try to find the "unicorn." The perfect candidate rarely exists, the authors wrote, and companies that wait to find an ideal candidate may lose well-qualified ones to competitors. "It's better to start with organizational fit and a systematic look at a candidate's strengths against the organization's future needs," they wrote.

Copyright © 2021 Becker's Healthcare. All Rights Reserved.