Historically, “a smart company would not hire a greenhorn into the CISO seat, but a battle-tested, really and truly experienced CISO with multiple decades of experience,” Oberlaender says. “But unfortunately, in the current business climate, the opposite is happening. Companies hire cheap, inexperienced, unqualified, non-knowledgeable, and often so-called virtual CISOs for a fraction of the salary and then wonder why they have data breaches and poorly managed incidents exploding in their face.”
Meanwhile, security leaders have other avenues for fortifying their positions in the business ranks, other industry experts suggest — for example, focusing on the financial value they deliver in terms of winning and retaining customers.
CISOs “feel that they need to fight off an attack to show value, but there are many other successes they can do and show,” says Erik Avakian, technical counselor at Info-Tech Research Group. “Building KPIs is a powerful way to show their value.”
