Finding the right talent is hard. However, if you are ready to give people a chance and hire those with the right attitude, be it those directly from university or newcomers with a different background, there are plenty of people around who want to take their next career step in the cyber field.

Alexander Bösch, Head Security Partners, leads the information security team at SIX Group. SIX operates the infrastructure for the Swiss and Spanish financial centres and the stock exchanges in both countries. With his team, he balances the information security risks for SIX and focuses on security consulting, risk reviews and awareness.

Samir Aliyev, CEO and Founder of the Swiss Cyber Institute, spoke with Alexander Bösch. In this interview, Samir and Alexander discuss, among other things, the challenges CISOs are up against in relation to talent shortage and staff retention in the field of cybersecurity.

What are the key steps an organisation should take to ensure that it is well prepared to effectively respond to and recover from a potential cyber-attack, and how should one prioritise and allocate resources towards achieving and maintaining an effective state of cyber resilience?

  1. Identify what is critical
  2. Write your recovery plans
  3. Practice, practice, practice

Practicing is the most important step; it will reveal all the gaps. Only when you feel the heat are you ready to extinguish a fire.

What do you consider to be the most underrated trend and/or technology in cybersecurity and why?

Security culture. It has been around for years without strategic exploitation. Humans are (still) at the heart of IT and deserve our attention, and through them we can best mitigate risks.

While most business leaders are more aware of their organization’s cyber issues than they were, would you say that achieving management consensus on how best to address cyber risks remains a challenge?

Yes. Ultimately every company has to earn money. A complete risk reduction or avoidance would come at a high price. Finding the right balance is a challenge; facts and good stories help.

The nature of recent cyberthreats has tended to focus on business disruption and reputational damage. Is this what you have experienced and if so, how does this impact your organisation?

Business disruption and reputational damage are certainly very important factors. In our area we observe that our business has become more and more heavily regulated with consequences (e.g., fines). Therefore, I would add regulations as a third factor.

Amongst many challenges, CISOs are up against talent shortage and staff retention in the field of cybersecurity. What do you consider CISOs should do to identify and develop a diverse talent pool to meet an organization’s needs?

For me it is like team sports: you need players with differing skills, and usually the money for recruiting is limited. Finding the right talent is hard. However, if you are ready to give people a chance and hire those with the right attitude, be it those directly from university or newcomers with a different background, there are plenty of people around who want to take their next career step in the cyber field. Foster good team spirit: the better the team is, the more better people will be attracted to play with you.

What do you look forward to most at this year’s Global Cyber Conference?

To learn from and share with peers, and to meet a lot of interesting people.