Planning for expected and unexpected security leadership transitions is essential to maintaining a comprehensive infosec program. This piece explains the importance of good succession planning and documentation to help ensure the program remains effective, even in the face of unexpected leadership turnover.
With the current global shortfall of cybersecurity workers hitting 3.4 million, according to ISC2, all organizations today struggle to hire and retain cybersecurity talent. With so many open positions, it’s no wonder many cybersecurity professionals decide to leave their current position in search of new challenges and/or better working environments. Primary issues that factor into a decision to stay or leave include compensation, working hours and job satisfaction.
From the employer’s perspective, it is absolutely vital to ensure employees feel like they belong and are supported so necessary work can get done and extra effort is acknowledged and rewarded. After all, cybersecurity is a significant business enabler and good people are a critical ingredient for success.
However, even the best organizations have turnover. The key is to ensure inevitable turnover is planned for in advance and addressed effectively as it happens.
Departures of key employees should be seen as opportunities to reassess the health of the organization (are most team members happy and motivated?) and how effective its talent strategies are. If you haven’t done so yet, consider taking some time to evaluate why the security leader left to ensure you understand their reasoning: was the security leader facing roadblocks within the organization, or was the departure motivated by less organization-specific reasons, such as better salary or location?
The most important way to ensure a smooth transition is to have a strong succession plan in place within the security team. This is something the team can work on while the search for a new security leader continues. You must not only work to hire the right talent to fill the vacant security leader position, but also ensure you can place someone in a deputy role who can step in at times of need.
You’ve already seen what happens when a security leader leaves unexpectedly, but having a good succession plan is also critical to ensuring the team keeps running smoothly should the security leader become unavailable for any other reason (e.g., ill health).
It’s usually best to choose an internal candidate for the deputy role because such individuals are familiar with how the organization works, likely have developed key partnerships with other departments and can ensure the program continues to run smoothly while the search for a new leader is conducted. The deputy should not be considered as a full-on replacement for the security leader but should be able to act as an emergency backup in times of need.
Finally, the best security leaders—and those most likely to remain and thrive in the position—are closely aligned with the strategic and tactical priorities of the organization, as well as its mission and vision. You already have a strategic plan in place for the year ahead, and the deputy can help ensure the team continues to execute on that plan during the search for a new leader. But once hired, you should also ensure the new security leader produces a written plan, informed by the strategic and tactical goals of the organization. This plan will likely align with the current plan because it should set forth the primary goals and objectives in light of how the team will further the organization’s strategic and tactical priorities. In other words, the security leader’s plan should enable the team to fulfill the priorities of the organization.
If the security team has any questions or concerns during this transition, the security leader’s supervisor, executive leadership and/or the board of directors should feel free to engage in a dialogue to make sure there is optimal alignment between what the security leader’s plans are and what needs to be achieved strategically and tactically.
The key to ensuring a successful transition to a new security leader is good planning. To ensure your transition to a new security leader is as smooth as possible:
February 29, 2024
By IANS Research