editione1.0.0
Updated October 9, 2023Let’s jump ahead—you have a person who is a good cultural fit, a great communicator, and someone who’s not afraid of getting down into the daily operations to get the job done. You may have found them outside your business or have been lucky enough to have found them within your existing team. Whatever the story is, wherever you find them—you need a plan. Your new security lead needs support if they are to survive and thrive in this new role within your organization.
The following are some elements you will need to consider when planning support for your new security lead.
You need to be their champion. This role has not existed before—you (and the leadership team) need to publicly support the new security lead. You also need to reinforce to the wider organization why this role is important and ask for their cooperation as they begin to roll out changes. This support will provide this role with not just the accountability for security, but also a public sense of authority under which they can act.
You need to know that change is coming and you need to help. Rolling out a security program impacts almost every element of the business in some way. As a leader, you need to be aware of this and factor it into your strategies. You need to make room and budget for security to operate—without it, it will waste away behind blocks and conflict.
You need to provide coaching and training. Whether you hire an experienced professional or hire from within, security is a constantly evolving field and they will need to keep their skills sharp. Ensure they have options for training and development in both security and any associated leadership or communication skills they may need.
You have to be willing to listen when they need you. Hiring for a security lead is easy, the more challenging part is making it possible for that leader to raise serious issues to the executive team. They should know that they will be listened to and considered with a view to taking the appropriate action to protect the organization, its data, and its people.
You need realistic expectations. Your new security lead has a lot to do and you need to understand what their success looks like. Success is never a complete lack of security vulnerabilities or incidents, instead, it is the creation of policies, processes, and behaviors that gradually reduce risk over time. It is the formation of operational practices that mean when incidents happen, the organization is able to recover quickly and learn from its mistakes so that similar incidents don’t happen in the future. Ensure that your performance management processes are built to measure this version of success, and that your internal processes are built to support your security lead in the event of an incident, rather than penalize them.
important Whether you promote someone from within or you find the perfect security hybrid from outside of your company, this is one of the most significant hires you are going to make for the security of your company. This role sets the expectations, tone, and approach to the people, systems, and processes that are going to protect your organization through thick and thin.
confusion Remember, it’s better to have an empty seat than the wrong person in it. Take your time, don’t rush this, and be prepared to change your approach as you learn what works best for your team. After all, if there is one thing you should be well prepared for by now, it’s adapting to change and new information.