Last Week As A vCISO

The Token Security Hire

Avoid these mistakes when hiring for a security leadership role

Ayman Elsawah
Jun 7, 2021

Many organizations have the wrong expectations when hiring security leaders. Some look at it as a checkbox requirement to meet their third-party security requirements, without really looking for effective security (which requires change). Others expect that this security person will come in and magically make everything secure, without additional budget, tools, actual change, or support.

If you want security, things will need to change, even if gradually. The status quo will not work.

So when you hire a security person, but they’re not allowed to do what they’ve been hired to do, it’s pretty frustrating.

We sometimes call this the Token Security Hire. This position is usually set up for failure.

This issue came up in a recent Slack community discussion. Many of us in the field know how to tell if a position is set up for failure or no growth.

Here are some signs:

  • Tasked with security management, but not allowed to hire anyone, no budget, no tools, etc.

  • Customer-facing only, not really working with internal teams. Often put in an unethical position to say things are secure when they're not.

  • Gets tons of pushback from their own manager, with security recommendations ignored or even blatantly broken.

Unfortunately, this is very common in the industry. Sometimes it’s due to a lack of education on what security really is, sometimes it’s laziness to go past the status quo, and sometimes it goes into the unethical… or a combination of all of the above.

Security people want to do good work. Let’s set them up for success and avoid the status quo.

© 2022 Ayman Elsawah