What are the biggest challenges that a CISO faces today?
The role of Chief Information Security Officer or CISO has been around for 25 years, pioneered Steve Katz 1995, but only seems to have gained traction more broadly over the past 5 - 7 years.
The role has now firmly established itself as an integral part of the corporate hierarchy as enterprises have begun to take security concerns more seriously. Which is understandable as according to the IBM Security Cost of Data Breach Report; the Average cost of a data breach in 2020 was a staggering $3.86 Million.
Some of the key challenges faced by CISO’s and those responsible for a company’s security capability include, but are of course not limited to;
Hackers and Adversarial AI
Very likely near the top spot. Coming from multiple vectors, times and styles. The ol’ game of cat and mouse.
Human Error
There is a lot a CISO can do to mitigate risk and reduce the possibility of data breaches and system compromise. But that all gets thrown out of the window when an employee unknowingly falls for a phishing scam, clicks on ransomware, introduces Shadow IT etc
Tick box security
Probably the most challenging of all. When a company hires someone to focus on its security capability but isn’t really invested in it, but need to be seen to do something.
In reality in many cases this is down to the board, owners etc not understanding the importance and or impact of security.
Does the CISO join for the challenge and try to manage upwards, educate and make a difference? Or bang your head against the wall and leave like others have in the past.
Lack of Developed Security Professionals
When faced with threats from multiple vectors, a well-developed cybersecurity team poses the most reliable defence to hackers. But Identifying, sourcing, building and retaining that crack commando unit is no easy feat. There is a chronic skills shortage of the very best cyber talent in the industry. The top 25- 30% of talent in the industry have their head down and are well looked after. Combine that with the fact that the traditional methods that most internal talent teams and external recruiters use do not consistently attract this talent in a buoyant market, yet alone in the strange times we find our self in #2020, and it is no surprise that companies struggle and often fail to attract the very best talent .
Budget
Since the beginning of the IT services profession, budget allocation, constraints and reductions have always been a challenge. Allocating a budget into something where there is no obvious return can be a hard pill for a board to swallow. But in the case of security- no news is very much good news. Unless of course you have been breached and don’t know it.
Thoughts from an expert:
Robert Rodger, CISO at Butterfield Group.
Security is a team sport.
Often security teams fail as they try to own everything, the we can do it best mentality it creates animosity, is costly, does not scale and will fail. Security is a team game where everyone in an organisation needs to play their part. Enable teams to do their job securely, as a example; provide developers with the tools, knowledge and support to deliver security code and test it themselves. Do the same with the front-line business team, infrastructure folks. Do that and you have delivered one method of scaling security and making it culturally embedded not just a bolt on process.
Alex Radford, CISO at Global Processing Services Ltd
It sounds cheesy, but security really is everyone’s responsibility. It would be great if common sense was common but unfortunately it isn’t. One of the aims today, is to make security as simple as possible for the users to comply with, which means focusing on the core pieces of security such as good access control processes and simplifying the requirements on the users. Mistakes will still happen, and they are an opportunity to learn, but when they do happen having the correct controls to ensure impact is small is helpful for the business.
Good security is not just how many compliance standards have you passed, it needs to be pervasive and ongoing. Achieving standards is a demonstration that the right things are being done, but being secure is more than just the minimum to meet a standard.
Elliot Rose, Member of PA's Management Group
In the current challenging COVID19 conditions we are seeing an increase in attacks as organisations around the world have been forced to divert resources and adopt more porous operating modes. Organisations and employees are working out of habit and employee’s defences can be down, as they adjust to the new ways of working and are having to make significant personal adjustments to daily life in order to operate safely. Increasingly organisations are experiencing a greater number of attempts to ‘socially engineer’ an attack in order to elicit sensitive information. CISOs are under pressure to provide employees with secure collaboration tools and messaging facilities. Communication is also key and business leaders (not just the CISO) need to ensure that employees are fully aware of the increase security risks.
We are also seeing secure remote as a business enabler, driving greater take up of digitisation and reducing costly office overheads. Many organisations are already looking ahead and planning how they can make the most of their investment in secure remote working to grow their business further. That means CISOs need to properly understand the changes in the business that are planned, identifying where cyber security can underpin the changes in a way that is supportive to the business.
David King, RISO at OmnicomMediaGroup
“The Boy that cried Wolf”
We are (or perhaps ‘were’) often accused of being that boy… the one that cried wolf… and we all know how that ended! There is often a disconnect between what we, as security professional, say and what our customers, clients or users expect or hear. In the same way, we are often accused of scare mongering. The GDPR was an example of that “If you don’t do as we say you’ll end up with a massive fine”. We need to get better at telling impactful stories. Why we want the company to part with cash, why people need to do their training, why we need to install more agents on the machines and why we need to monitor the network. Telling the right kinds of stories helps people understand and appreciate what we are doing and why. It’s another way of building trust, and trust is key when you’re trying to develop a culture of security.
Latest Jobs
-
- Business Development | Healthcare | Warm accounts | UK
- England
- N/A
-
Business Development | Healthcare | Warm accounts | UK Healthcare Cyber Security UK Based An experienced Business Development Manager is required to drive new cyber security revenue across a warm healthcare account base. This role is focused on new business and account growth, engaging healthcare organisations to understand risk, priorities, and operational challenges, and positioning appropriate cyber security solutions and services. Key Responsibilities Drive new business sales into a warm healthcare account base Develop and close new opportunities across healthcare organisations Build senior level relationships with IT, security, and procurement stakeholders Own the full sales lifecycle from first conversation through to close Work closely with technical pre sales and delivery teams Experience Required Proven B2B new business sales experience within cyber security or technology Healthcare sector experience desirable Strong consultative sales and closing capability Ability to achieve UK Security Clearance is required UK based with flexibility to travel What’s on Offer Warm accounts with new business focus Clear revenue ownership Competitive base salary with uncapped commission
-
- Technical Pre Sales Cybersecurity Consultant. Healthcare
- England
- N/A
-
Technical Pre Sales Cybersecurity Consultant UK Remote | Healthcare Focus Overview We are seeking an experienced Technical Pre Sales Cybersecurity Consultant to support healthcare organisations by delivering advisory, solution design, and security uplift services. This role focuses on improving security outcomes, addressing operational challenges, and enabling informed technology decisions across complex and regulated environments. The position blends technical pre sales expertise with a consultative approach, working closely with clinical, technical, and commercial stakeholders to shape effective cybersecurity solutions. The individual must be able to achieve UK Security Clearance. Key Responsibilities Provide technical pre sales support across cybersecurity solutions and services for healthcare organisations Engage stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and recommendations to strengthen security posture and resilience Translate customer requirements into clear, outcome focused technical and commercial solution designs Act as a trusted technical advisor throughout the sales and early delivery lifecycle Produce clear technical documentation, recommendations, and customer facing materials suitable for regulated environments Collaborate closely with sales, delivery, and technical teams to align solutions with customer needs Experience and Skills Proven experience in technical pre sales or cybersecurity consultancy Experience working within healthcare or other highly regulated sectors Broad knowledge of cybersecurity technologies, managed services, and risk based approaches Strong communication skills with the ability to engage both technical and non technical stakeholders Confident operating in a client facing, consultative role UK based role with remote working Occasional travel for customer engagement as required
-
- Contract Technical Pre Sales Cyber Security Healthcare. SC clearance needed
- England
- Outside IR35
-
Contract Technical Pre Sales Cyber Security Healthcare Outside IR35 Contract | UK Remote | Healthcare Focus Existing SC clearance is required. Overview Seeking an experienced Technical Pre Sales Cybersecurity Consultant is required to deliver advisory and uplift services across complex healthcare organisations. This Outside IR35 contract operates on a consultancy basis, focused on improving security outcomes, addressing operational pain points, and supporting informed Cyber Security decisions. The role combines deep technical pre sales capability with consultative advisory delivery, working across clinical, technical, and commercial stakeholders to shape effective and proportionate cybersecurity solutions. Responsibilities Provide technical pre sales consultancy across cybersecurity solutions and services within healthcare environments Engage senior stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and uplift recommendations to improve security posture, resilience, and maturity Translate healthcare requirements into clear, outcome focused technical and commercial propositions Act as a trusted technical advisor throughout the pre sales and early engagement lifecycle Produce concise technical documentation, recommendations, and advisory outputs suitable for regulated healthcare settings Experience Strong background in technical pre sales or cybersecurity consultancy Experience working with healthcare or other highly regulated environments Broad understanding of cybersecurity technologies, managed services, and risk based security approaches Ability to communicate complex technical concepts to both technical and non technical audiences Comfortable operating independently in a client facing advisory role
-
- London Sales Manager, Key Clients. Security. Immediate
- London
- N/A
-
London Sales Manager, Key Clients A senior sales leadership role within the cyber security services and technology market, focused on account development and revenue growth across key clients. You will lead a sales team with responsibility for customer retention, increasing share of wallet and maintaining a strong commercial pipeline. The role works closely with technical, delivery and marketing teams, as well as technology partners. Key focus Lead and coach a field based sales team Own forecasting, pipeline quality and revenue delivery Drive renewals and account development Expand customer investment across services and solutions Build relationships with vendors and partners Background Proven experience managing enterprise sales teams Consistent performance against revenue targets Cyber or IT security sales leadership experience Exposure to Palo Alto, Check Point, Microsoft, etc Commercially focused with a structured sales approach A role for a sales leader focused on long term client value and sustainable growth.