How to Effectively Find, Compensate and Structure Cybersecurity Leadership


The Cybersecurity Law Report

Matthew Prewitt was extensively quoted in a Cybersecurity Law Report article on the nuances of recruiting and structuring executive cybersecurity leadership, often referred to as a chief information security officer (CISO).

Matt points out that being a C-suite executive is not simply a question of technical competence or even management skill, but also a matter of personality, gravitas, and the ability to communicate authority. The skill set required to manage the intersection of many issues—business operations, legal compliance, legal risk management, budget and investment, strategic planning, and the values and mission of the company—cannot be taught in school. Instead, Matt says that these skills are learned through the hands-on experience of having something blow up, figuring out how to fix it, and learning what to look for the next time. This maturity of judgment can be tough to find in the data security space.

Matt says that professional certifications have limited value—they are a relevant data point in evaluating the candidate, but many data security professionals are simply too busy doing sophisticated, high-quality work to get certified. This is particularly true in data security and privacy, as many of the credentials are relatively new. In addition, many well-established, experienced professionals don’t feel the need to get certified.