Episode #33. 7 Mistakes Made When Hiring Security Leaders with Claire Pales
“Seeking a security leader who can do it all will delay your hiring and possibly leave your security seat empty which only leads to increased risk.”
— Claire Pales
Welcome to Season 4 of The Secure CIO Podcast!
Over the past three seasons of the podcast, there has been a strong focus on interviewing security leaders, which has resulted in some really interesting and informative discussions. This season I'm doing things a little bit differently.
In Season 4 you are going to hear from a few people outside technology as we look at leadership and the role HR and people/culture leaders play in the recruitment process and the building of teams.
Topics include working remotely, STEM leaders on boards, and burnout in the security industry. Some of the themes that run throughout this season include trust, reflection, and leadership.
To kick off this season, the guest on episode one is...me!
Join me for my first solo episode, as I run through some of the lessons I have learned through a number of years consulting and a career in security, and share the 7 mistakes that CIOs are making when hiring a cybersecurity leader.
Time Stamps
00:26 - Introduction to Season 4
00:52 - Introduction to this episode
00:52 - "What I have noticed about security hiring and retention is that there are many CIOs out there who are making decisions early in the hiring process that could be preventing making the right decisions at the end of the hiring process, or even preventing them from finding the right candidate to begin with." Claire Pales
02:00 - The role of the CIO
02:45 - Mistake #1; The reason for hiring doesn't set the CIO up for success
04:17 - Mistake #2; You use the same job description you used last time
05:42 - Mistake #3; The job description is written as a wish list of actions
05:50 - "If the job description is laid out as a wish list of actions, this can mean that after the CISO delivers these items, it's unknown what their remit should be." Claire Pales
06:17 - Mistake #4; Looking for someone that can do it all
07:40 - "Seeking a security leader who can do it all will delay your hiring and possibly leave your security seat empty which only leads to increased risk." Claire Pales
07:49 - Mistake #5; Viewing internal promotion as a 'quick win'
08:39 - Mistake #6; Leader not nurtured or developed adequately
09:33 - Mistake #7; Viewing hiring a leader through a 'set and forget' lens