Defense Contractors Are Looking for the Wrong Traits in Their CISO
Threats to today’s defense industrial base (DIB) organizations exist in the digital landscape. That’s why a CISO is one of the most critical hires a defense contractor can make. While DFARS requirements and CMMC compliance are huge topics of conversation, cybersecurity leadership shouldn’t just possess technical expertise that’s honed to meet the letter of the law.
Instead, companies that want true cybersecurity effectiveness need to hire critical thinkers who can keep the organization one step ahead of threats that could hurt the business and national security.
What Kind of CISO Should Lead a DIB Contractor’s Cyber Risk Advisory?
Defense contractors that are hiring a new CISO need to assess the critical traits that demonstrate the ability to use adaptive risk management strategies and drive a cybersecurity program to the finish line. To do that, leadership should be on the lookout for these characteristics in the interview process:
- “T-shaped” skills that show depth in one core area and a breadth of knowledge across the industry.
- Creative problem solving around risks that are unique to your business.
- Understanding of real threats, not just compliance standards. This will make sure your cybersecurity budget is spent on tools and services that have a real impact.
- Eagerness to self-educate and understand the business from different perspectives.
- Finger on the pulse of what’s happening in cybersecurity technology and defense as a whole.
- Implementation experience that can drive ongoing initiatives to completion.
- Solution-oriented thinking that combines a variety of approaches. For example, some of the best cybersecurity initiatives have more to do with staff education than the latest tools.
- Adaptiveness in the face of new technologies, threats, and regulatory changes. Every CISO will confront challenges they’re not prepared for as risks evolve, so the ability to acknowledge those gaps will help organizations move faster.
Finally, be open to the possibility of working with an expert outside the cybersecurity field. Experience in risk management or national security can be an asset to the business, especially when those skills are complemented by a managed security services partner. After all, the risk variables may change from field to field, but the focus on eliminating threats remains the same.