Three Tips on How to Argue a Case for Hiring a CISO
Many organizations shy away from a CISO because they don’t feel the company will benefit from the position, and they are hesitant to spend the additional resources on a C-level position. The conversation between the Wisegate members kicked off with the question, “How do you justify the role of a CISO?” Through their conversation, the head of security member was able to leave with the following justifications:
- Focus on Security. It’s the job of the CISO to make the company more secure. This is a big pitching point to focus on. Instead of this being the role of the larger IT group, there is one executive whose sole responsibility is considering risk and security actions for the company. The job of the CISO is to make sure that the information from the security team is well communicated to a focal point where action can be taken. Target spent millions on security, but no one was at the “helm of the ship.”
- Be Proactive: Target, Home Depot, and Anthem are just a few of the many recent, major breaches. Target’s and Home Depot’s occurred when there was no CISO in place. The cost of a breach can ruin a business. It is better to be prepared, than to pay for the aftermath.
- Research Competitors: Executives look at, and care about, what their competitors are doing. Securing a CISO is a great way to position yourself as a leader in the industry and shape your industry’s standards.
Through Wisegate’s Peer-to-Peer call, the head of security member was able to take the CISO’s perspective and develop a well-rounded document that he could use to present to leadership. The insight he was able to gain helped justify the need for the position at his company.