During the next couple of years, organizations will be scrambling to hire information security personnel. Some will even be looking for a chief information security officer (CISO).
After learning about the candidate selection process in several organizations and after listening to a few anecdotes from several major search organizations, I was puzzled to find out that hardly anyone was screening for ethics and integrity during the interview process. Yet, in my opinion, these are the most important character traits for a CISO to possess.
Here is a story to illustrate the point: An organization wanted to hire a CISO, and it gave its search firm a strict range for the salary. The search firm duly used the range to screen out potential applicants. Several highly qualified candidates honestly admitted the range was too low, and they chose not to interview for the position.
After several rounds of interviews and discussions with the remaining candidates, one emerged as the strongest and received an offer at the highest point on the salary range. The candidate balked, saying that it was lower than his current compensation; he suggested a number 10 percent higher than the offer. Since no other candidate was strong enough, the organization met the candidate’s demand. The candidate then turned around and used the offer to obtain a salary increase from his current organization, and he turned down the new organization.
Neither the search firm nor anyone in the organization looking for the CISO was happy about this outcome. And I found it interesting that, even after the salary range was increased, the search firm did not go back to all the highly qualified candidates who had been screened out previously to see if the new range delivered a possible applicant.
Nor did anyone involved acknowledge that the chosen candidate had been unethical for the following reasons:
Though he knew he would not accept something within the advertised range, he told the search firm he was comfortable with the range and went through the interview process, thus misleading his potential employer.
He failed to inform his current employer in good faith that he would like a raise. Instead, he used the new offer to obtain a raise, thus creating a hostage situation with his current employer -- hardly a recipe for maintaining trust in a highly sensitive position.
Events like this happen all the time, and there appears to be a cultural acceptance of negotiating the best offer you can. I agree with this in principle, but I think the manner in which this is done is very important. Subtle exchanges during the process reveal a lot about a candidate's character. This candidate may have ruined his future prospects with his current organization, as well. It may have opted to keep him for now, but it is quite possible that it will make contingency plans for his future departure. In my opinion, it would be negligent not to do so.
Organizations need to ensure that screening for ethics and integrity is a key component of the CISO hiring process. I would not dream of hiring a CISO with weak ethics, and I would have turned down this candidate the moment he asked for something above the strictly advertised range, which had already been discussed with him. In addition, if the range were increased, I would have asked the recruiting firm to include all the qualified candidates who had been screened out of the pool simply because of salary range.
To me, ethics and integrity are the most important character traits a CISO can have. A CISO is in a highly sensitive position, dealing with all the security issues of an organization; how can someone with questionable ethics be appropriate?
If my CISO has weak ethics and integrity, is my organization really going to be secure? What do you think of this issue?
Yes Mansur, absolutely right. People will draw the lines in slightly different places on particular examples of conduct, but that doesn't mean there isn't a huge amount of common ground.
Thanks everyone for a great discussion. Yes this is not an easy thing to judge. Do we at least agree with the premise of the article that a high degree of integrity and ethics should be a requirement for the job?
Interesting post - but I am not sure I see all the connections here.
Interviewing and salary negotiation are complicated
You often, as was the case here, have "middle" people with recruiters. Are you 100% sure that the recruiter was 100% up front and accurate with what they are saying about the salary information.
What if the interviewee realized they did not like the new job as much as their old job? Did the interviewee tell his current company he was leaving or did they approach him? What if the current employer made a great counter offer and changed his mind - quite simply they out marketed the new company?
Seems like it would be hard to have 100% of the data that would enable you to say for sure that this person acted without integrity. Salary and job negotiation are never simple.
Brian, - These cases happen often though. The company that is supposed to release the employee will often make an offer to retain them if they were a good employee. Sometimes the offer will be too attractive they can't imagine leaving it especially since te new company is still a risk. However, there's often a likelihood your former company can trick you into not leaving, only for them to revenge later. It can be tricky sometimes.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
In all my years interacting with CFOs, I have not met one who actually understood IT -- not that I expected them to.
Why, then, do I continue to see ads seeking a strategic CIO who will report to the VP of Administration and Finance or the CFO? Sometimes ads are slightly better: CIOs report to the Chief Operating Officer. Those conducting the recruitment will sagely say: “The CIO will have complete empowerment and access to all cabinet members and the president.” However, these organizations appear to lack an understanding of the role of the CIO and the CFO.
After observing and writing about CEOs who do not leverage their CIOs to propel their organizations forward, it was very refreshing to learn about the great CEO/CIO partnership at Kaiser Permanente at this year’s World Health Congress held in Maryland.
Despite an initial round of federal funding to develop state health information exchanges (HIEs) as part of Obamacare, these clearinghouses were challenged to develop a financially sustainable model. Because it addressed sustainability early, the Delaware Health Information Network is viewed by many as a template for HIE success.
It began as a relaxing visit with my college buddy and his family. It became a glimpse into the technology-enabled future of worldwide collaboration in engineering.
True story: Despite the HITECH Act of 2009, the CEO of a major urban hospital continued his institution's policy of not hiring a CIO or CISO. Like many others, he took a wait-and-see attitude, even though HITECH strengthened the enforcement of healthcare security and privacy laws, and provided financial incentives for healthcare organizations to adopt electronic health records and information security.
50 billion household devices will be on the Internet by 2020, according to Cisco. And we're hearing foreign governments are hacking our infrastructure. Surely our refrigerators are next!
Sean Smith, a US Foreign Service IT manager, gave his life in service of his country and the world. His life and death are a humbling example for all of us who work in IT.
All the recent hoopla about cloud security overlooks an important point, which is that it's not strictly a cloud problem. The linkage of online services into cooperative chains creates the risk, and only biometrics and federation of providers can save us.
E-discovery is the requirement to make available all digital information related to, and in conjunction with, a legal proceeding. An appeals court ruled recently to limit the scope of e-discovery searches, which gives corporate counsel and IT executives a bit more power over the e-discovery process.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
New tools like laptops, tablets, smartphone, and wireless connectivity let us work from San Diego to Katmandu, and anywhere in between. But time management remains a problem.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
Email This
