MapleSEC: How to stop CSOs from saying, ‘Goodbye’

Increasing cyber attacks and the pressures COVID put on organizations is making chief security officers and their equivalents think of the unthinkable: Quitting.

In fact, Gartner believes by 2025/26, almost half of current CSOs will have left their job for another post, and of them, 25 per cent will leave cybersecurity.

Some call this The Great Resignation. Gartner calls it The Great Reflection, as infosec leaders reflect on whether they can find a balance between work and their personal life. Sometimes they conclude the solution is walking out the door.

With the current talent shortage, that’s not sustainable.

At this week’s IT World Canada MapleSEC security education event, two Gartner experts discussed what individuals and corporate leaders can to do halt this trend.

“Part of the challenge CSOs face … is you feel like you’re pioneering what you’re doing while you’re executing it,” said Geoff Crampton, an Ottawa-based Gartner executive partner. That’s in part because the CSO role is relatively new. Also, many CSOs have risen through IT positions, but today the C-suite demands members be business leaders, which isn’t a competency many CSOs have.

“You really have to sit down and figure out where are you going to invest your time, how are you going to invest your time, and what’s the most important place to put your time,” Crampton said.

Satyamoorthy Kabilan, a senior executive partner at Gartner and former director of national security and strategic foresight at the Conference Board of Canada, said CSOs should take a page from research done on others who face high-stress periods: First responders, such as police and firefighters, as well as emergency managers. One lesson: In an emergency, you can’t run 24/7 for a week, you need a team that can step in for you.

So he advises CSOs to build a team that can share duties in a crisis.

And sharing responsibility, he added, is a great motivation for others on the infosec team to stay with the company.

Meanwhile, corporate managers need to help take the load off the backs of CSO, said Crampton. “That starts with the organization understanding that cybersecurity is everyone’s responsibility. This is not a technical issue, this is not for one person to have to carry on their shoulders.”

The way senior management does that is by recognizing that cybersecurity issues are enterprise risk issues.

Gartner calls this the organization’s cyber judgment: Its ability to make risk-based decisions on a number of factors, including cybersecurity.

When an organization has good cyber judgment, Kabilan said, the CSO won’t be seen as “the blocker” of innovation. To do that, he added, the CSO has to understand the business’s needs.

Ultimately, Kabilan said, it’s up to senior management to decide if they have a great CSO — or a potential CSO — to make sure the organization develops and keeps them.

“We want CSOs to move from a role that prevents breaches to a leader that facilitates risk management,” Crampton concluded. “Second, we want to move from cyber risk being seen as a security problem to cyber risk as a business or organizational risk. Third, security can’t be seen as a roadblock. We want to re-frame that to ‘Security enables agile secure products and business operations.’

“If we can find those three reframings happening over the coming years, these positions will become much more supported in our organizations and [infosec] people will feel supported.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now