Never Look Again!

Succession Planning Needs to be Part of Security Recruiting

I just finished reading “Leadership In The Era Of Economic Uncertainty”. It is a timely book written either at the tail end of 2008 or even in the first month or two of 2009.

The book covers a lot of ground but one particular subject that caught my attention was succession planning.  The subject caused me to remember a comapny that hired a very talented CISO earlier in this decade.   This CISO was more talented than anyone this company had ever hired to take care of information security, compliance and risk management.

The CISO delivered and over approximately four years, was promoted four times. So far, this is a great success story.   Wait a minute, the story is about to change.   The CISO was so successful that he was ultimately promoted to the CTO office.

Over four years, with a security staff exceeding 40 security professionals, this CISO never focused on bringing someone up behind him to step into his shoes. When the time came for his promotion to CTO to occur, the company had to go outside the organization to find a new CISO.

This lack of succession planning when doing security recruiting happens too frequently.  What prompted me to write about succession planning was a mix of ideas. 

• First, I read a good book that brought the subject back to the forefront of my mind. 
• Second, I thought of a specific instance in which the lack of a sound succession plan generated personnel challenges that could have been avoided.
• Finally, a conversation I shared with a very bright Director of HR whom I’ve worked with for several years was largely wrapped around the idea of hiring with the future in mind.

The company’s Converged Chief Security Officer was hired in 2008.  There is talk today of starting a new security recruiting search to identify a Security Architect to work under the CSO.  The HR Director is smart enough to think not only about who we need to recruit to fill the void that exists today but he is also thinking about focusing our security recruiting on identifying and hiring hiring someone who could ultimately step into the shoes of the VP of Security should that person leave or should something happen to him.

 This may seem like a simple story on the surface but the implications of getting it wrong are costly.   What stands out to me is that employers rarely engage me in succession planning discussions. When a discussion of this nature occurs, it really stands out. When an employer is thinking of the future when they hire in the present, more often than not, they’ll hire based on cost and what they see on a security job candidates’s resume today rathe than focusing on what the candidate’s potential is for the future.

When hiring for the future in the present, employers have to consider whether or not today’s candidate has the raw materials to be groomed and mentored in such a way that they can step up to a bigger role within the organization in the future.  When hiring is approached with this strategy in place,  with the end in mind rather than just focusing on the here and now, better hires are made and this level of recruiting  is strategically more fun for the security recruiter to tackle.