Do our business and technology processes work together to promote and encourage appropriate and secure operating behaviors?
This question has always been at the heart of compliance roles, but there is an increasing trend for it to also be a key focus for the more technical and architectural IT and cyber roles.
By involving compliance in operational design, you build a business that is fit for purpose whilst encouraging a ‘naturally compliant’ working process. When you also include IT Development and Cyber Security functions in this process, you create an environment that enables operational and technical compliance to work in unison, drastically reducing the opportunity for self-inflicted risks.
Cyber security is no longer simply about keeping a business “safe” from external threats; it has become a business-facing function that looks at how to stop the business from inadvertently “encouraging” threats, as well as identifying where they come from and, of course, how to stop them.
This shift means that there are an increasing number of CISOs and CIOs looking to hire highly technically competent professionals who also have the ability to understand how and why a business operates in a certain way. However, the supply of such professionals has not yet caught up, and so many CISOs are often forced to compromise.
The key to identifying such individuals is to look at the culture of their previous employers. If the candidate’s career history has predominantly been with organisations that are driven by a box-ticking mentality to compliance, it is unlikely that they will have had the opportunity to deliver cyber security in unison with operations, and so they are unlikely to have evolved into this hybrid.
However, if they have worked in proactive service-led environments and have been encouraged to ask, “why do we?” before “how do we?”, they suddenly become the ‘cream’ of the market!
As the saying goes, this isn’t rocket science, but surprisingly, many recruiters still simply search on skills and never actually sit down with an individual to listen to what they think, why they think it and, most importantly, how they came to think it.
Next time you look to recruit a cyber security professional, make sure your recruiter has developed an understanding of how an individual has applied their technical skills; you may be surprised how many B CVs are actually A* candidates and vice versa!
Written by Alex Turner, Edited by Paul Drury