The Security Collective

Episode #33. 7 Mistakes Made When Hiring Security Leaders with Claire Pales

“Seeking a security leader who can do it all will delay your hiring and possibly leave your security seat empty which only leads to increased risk.”

— Claire Pales

Welcome to Season 4 of The Secure CIO Podcast!

Over the past three seasons of the podcast, there has been a strong focus on interviewing security leaders, which has resulted in some really interesting and informative discussions. This season I'm doing things a little bit differently.

In Season 4 you are going to hear from a few people outside technology as we look at leadership and the role HR and people/culture leaders play in the recruitment process and the building of teams.

Topics include working remotely, STEM leaders on boards, and burnout in the security industry. Some of the themes that run throughout this season include trust, reflection, and leadership.

To kick off this season, the guest on episode one is...me!

Join me for my first solo episode, as I run through some of the lessons I have learned through a number of years consulting and a career in security, and share the 7 mistakes that CIOs are making when hiring a cybersecurity leader.

Time Stamps

  • 00:26 - Introduction to Season 4

  • 00:52 - Introduction to this episode

  • 00:52 - "What I have noticed about security hiring and retention is that there are many CIOs out there who are making decisions early in the hiring process that could be preventing making the right decisions at the end of the hiring process, or even preventing them from finding the right candidate to begin with." Claire Pales

  • 02:00 - The role of the CIO

  • 02:45 - Mistake #1; The reason for hiring doesn't set the CIO up for success

  • 04:17 - Mistake #2; You use the same job description you used last time

  • 05:42 - Mistake #3; The job description is written as a wish list of actions

  • 05:50 - "If the job description is laid out as a wish list of actions, this can mean that after the CISO delivers these items, it's unknown what their remit should be." Claire Pales

  • 06:17 - Mistake #4; Looking for someone that can do it all

  • 07:40 - "Seeking a security leader who can do it all will delay your hiring and possibly leave your security seat empty which only leads to increased risk." Claire Pales

  • 07:49 - Mistake #5; Viewing internal promotion as a 'quick win'

  • 08:39 - Mistake #6; Leader not nurtured or developed adequately

  • 09:33 - Mistake #7; Viewing hiring a leader through a 'set and forget' lens