When I began asking CIOs what problem they were solving by hiring a security professional, the answers didn’t surprise me.

Responses such as ‘The audit and risk committee told us a recent audit showed we need to address cyber risk better, and this included hiring a leader to take responsibility’ were common. Some responses focused on domain expertise, having an expert to define the strategy and mitigate the organisation’s security risks.

Some of the less common responses were that a security leader was needed to advise the CIO and that security awareness was key to their remit.

The overwhelming majority spoke about protecting the customer. This is a great place to start as a rationale for having a security team and a security leader. If you put protecting your customer at the heart of what you do, your reason for being will be similar to that of the sales, marketing, finance, and operations teams: retaining the customer. Protecting the customer also means retaining your reputation in the market and ensuring the resilience of systems to continue operating through threats and incidents.

The point of this chapter is that no matter what your reasons are for bringing in a security leader, you are prepared to back this leader in their pursuits to deliver…Click here to read full article.