CISO Trainings , Recruitment & Reskilling Strategy , Training & Security Leadership
CISO Challenges and the Emergence of Virtual CISO Culture
Experts Discuss Bringing in Outside Specialists to Lead SecurityAs emerging cyberthreats require new tools and strategies to prevent breaches, the role of the CISO is becoming more central to organizations for cybersecurity and compliance. But the cybersecurity community faces workplace challenges that prevent it from functioning effectively, said Tisha Bhambry, director analyst at Gartner.
Cybersecurity professionals are in a noncompetitive salary crisis that stemmed from a global talent deficit, Bhambry said. This adds to the existing struggles with a lack of representation, limited avenues for upskilling and the widening gap between job expectations and what cyber pros actually do in the workplace.
See Also: Security Culture Report for ASIA 2024
"A lack of employee development features as an emerging frustration amongst cybersecurity professionals. A Gartner survey found that compensation, location, the respect that they get while they're on the job, the technology level, the skills and limited avenues for growth are affecting their motivation levels," Bhambry said. "So, expectations for employee developmental excellence without a clear path to success are a breeding ground for frustration and attrition. That's why we see so many people switching jobs."
A growing number of companies are turning to external cybersecurity advisers or virtual CISOs. Jatinkumar Modh, a vCISO who has 22 years of experience in advising small, medium- sized and enterprise-scale organizations on cybersecurity matters, said vCISOs offer flexibility, extensive experience from working across several sectors, and unique insights to end users, though they may fact resistance as outsiders.
"It is important to interact with people and spend more time on-premises rather than sitting offline," Modh said. "This really helps you to gel with the company and drive projects ahead."
In this video interview with Information Security Media Group, Bhambry and Modh discussed:
- The challenges in hiring, skills development and motivation in security organizations;
- The benefits of using a virtual CISO;
- Examples of how vCISOs can help support organizations.
Bhambry specializes in security and privacy program management at Gartner. She helps cybersecurity and privacy leaders focus on strategy, governance, C-suite and board-level communication and data privacy. In previous roles at Deloitte and IBM, Bhambry led cybersecurity governance, risk management and assurance initiatives across diverse industries, including energy and utilities, financial services, manufacturing, insurance, healthcare and IT services.
Modh is the founder of Mumbai-based TransCon Services and Technologies. He has 22 years of experience in IT governance, risk assessment, IT infrastructure management and data privacy and security. Modh advises startups and small and medium-sized companies in IT, digital transformation, data security and data privacy.