Cyber Security is a business enabler, not a business stopper - Leadership competences are the new technical skills in digital transformation
If the current pandemic has taught us anything, it’s that being too dependent on human capital can come with a price. Likewise, it showed us that digital transformation can happen fast. Funny enough, human qualities, or soft skills if you will, are vital when recruiting new talent for jobs in Cyber-Security. Or at least they should, according to Markus Unterberger, Managing Director of Unterberger & Partner and Vice President of the Kennedy Executive Search network.
Unterberger & Partner is a boutique firm specialized in executive search for the financial services industry. They have a strong focus on roles in digitalization, cyber security and regulatory positions. Over the past 15 years, they have successfully completed over 150 searches in the area of Regulatory and Cyber Security including Chief Intelligence Officers and Chief Information Security Officers. In most of the cases the client focused heavily on the combination of technical and soft skills the ideal candidate needed to bring to the table. Markus understands the reasoning, but also sees the risk in overlooking management and leadership competences, his preferred term for soft skills. “Soft skills pertain a wider range than when we use the word management of leadership. But it requires a manager, a leader, to stress how cyber security should be integrated in the entire business pipeline, and not just at the end.”
He states that security, whether or not you call it Cyber Security or Information Security, is about preventing the leaking of information or data. But a leak can happen anywhere and can leak in various ways. Take client data for instance. “Sales departments use data to understand their clients. They actively interact with them to obtain the information they use to produce this data. This particular part of business is often considered a grey zone in IT. But if you visit a website as a consumer, you often need to click through a series of messages and pop-ups before you can access the information. Sales teams need to be aware that gathering information by phone, email or even private conversations, can be considered private. In fact, if they are aware and ask the client’s permission, they will likely be able to gather much more valuable information”.
Especially in times of agile ways of working and people working remote, it requires an integrated and overall implementation, but above all understanding of security measures and regulations. As can be imagined, being the barer of this news can be a daunting task. “Often, digital security measures are seen as something that is done in the end. It’s a last check before something goes out. And if it’s difficult, or the person who should ‘do it’ is ‘making a fuss’, it is considered a waste of time. This means the person in charge needs to be patient, flexible and able to enthuse and convince all levels of staff and management of the necessity and importance. They need to have great business sense. Let me tell you, these competences differ massively from what was asked 5 to 10 years ago for any role dealing with IT. However, still, these competences are often not prioritized in job descriptions”.
He is referring to the much-debated Cyber Security skills gap. Job descriptions don’t match the required skills. Because of this candidates and hiring managers, are having a hard time finding each other. Some say this also due to the fact that people tend to confuse the terms Cyber Security and Information Security. Markus “I think we can safely agree that cyber security is, or should be, part of information security. We store most of our information in cyber space after all. So, I don’t think the skills gap is about the actual term used. But semantics do play a vital role. If there is no understanding in how cyber security can help a company advance and how to put regulations and security measures to good use in order to drive digital transformation, the job description will also not appeal to the person they actually need.
Markus: “An ideal candidate should be able to work agile and innovate. They should be open to new and fresh ideas. They should be flexible, accept responsibilities and be able to simplify things. As with any leader or manager, the ideal candidate should have team spirit, be able to work with others, and to motivate and convince. At the same time, they also need to handle feedback and take learning from this. All this to be able to create meaning and value for the entire organization. An ideal company for this candidate should trust the candidate’s technical skills as well as trust and embrace their leadership competences and be open to their ideas and suggestions. If the above is reflected in the core of the business as well as in the job description, it will result in a perfect match where both the candidate and the company will prosper.