By: Sam Olyaei, Principal Research Analyst, Gartner
CISOs must evolve the talent strategy to reflect the changing roles, competencies and skill sets to address digital risk.
What do you plan to do after graduation? University students are repeatedly asked this question. Those who choose to focus on cybersecurity can rest easy knowing that they have selected a field with a near-zero unemployment rate.
It’s a reality that chief information security officers (CISOs) face every day as only a limited number of people have the skills and experience required to fill needed IT security positions. Staffing challenges are compounded by rapidly changing digital business initiatives which are changing how organizations evaluate and confront risk.
There’s no proverbial jack-of-all-trades in cybersecurity. Digital business initiatives require that we have the right people in the right roles with the right skills and competencies.
The importance of digital competencies
CISOs must go beyond thinking in terms of roles when planning for digital business initiatives. They must now carefully consider which competencies and skills are required to address digital risks.
Digitalization requires a wider range of security roles that entail new skills and knowledge. CISOs need to fundamentally rethink their talent requirements.
Roles are just job titles and skills are a matter of fact. But competencies are the how, the aptitude and traits of employees.
The competencies integral to digital business execution are:
- Adaptability. Demonstrates flexibility, agility and the ability to respond effectively to changing environments.
- Business acumen. Demonstrates awareness of internal and external dynamics with an acute perception of business issues.
- Digital dexterity. Showcases the ability to leverage and manipulate media, information and technology in unique and innovative ways.
- Outcome driven. Focuses on desired results and business outcomes. Sets and achieves challenging goals.
- Collaboration/synergy. Exemplifies collaboration with other members of formal and informal teams in pursuit of common mission, vision, value and goals.
Each of these competencies is critical to one or more of the five new cybersecurity roles that today’s CISOs must plan for tomorrow.
Plan for 5 roles
- Digital risk officer. The traditional CISO role today will eventually transform into the digital risk officer. Instead of managing information and protecting infrastructure, the digital risk officer will manage cybersecurity risk. Less technical skill is need for this role and success depends on a strong business acumen and the ability to collaborate and communicate effectively.
- Chief of staff for security. The chief of staff for security, sometimes referred to as the deputy CISO, removes the administrative burden from the CISO, freeing up time to focus on higher value activities. The deputy CISO must influence and communicate effectively to optimize security workflows and processes.
- Data security scientist. The data security scientist incorporates data science and analytics into security functions and applications specifically, how machine learning, artificial intelligence and analytics can be deployed to automate tasks and orchestrate security functions using algorithms and mathematical models to reduce risk. This role requires advanced mathematical skills and statistical and data analysis.
- Security “ombudsman.” This role acts as the liaison between lines of business and the security program. Depending on the organization, this role can report into a business function and requires adaptability and political savviness.
- Digital ecosystem manager. This role coordinates security and privacy assessments and helps the digital risk officer communicate across the organization’s ecosystem, including vendors, supply-chain, regulators and other external players that could impact digital risk. It is one of the fastest growing cybersecurity roles.
To get started, CISOs should build a list of new competencies required to support their digital business initiatives and then define the skills required to execute on those initiatives.