10 questions for a CISO to answer to gain a rockstar team.

One of the major discussions a CISO has within their organization is:
What kind of team do I need for successful risk mitigation?

 

10 questions that a CISO has to ask themselves to get a rockstar team to protect the organization: 

 

  1. Do I have or need a 24x7 Security Operations Center (SOC)?
  2. Do I have someone within the organization who currently conducts assessments against Web Applications, Social Engineering, Physical Security and External/Internals? 
  3. What kind of security products need monitoring? (SIEM, AntiVirus, IPS/IDS, Firewalls, DDoS, Web Application Firewalls) 
  4. Does anyone on my staff have a forensics background, or are we using a third party?
  5. What kind of growth is our organization going through this current year and within five years? 
  6. What is our current Information Security budget within the company and is this different from the IT budget? 
  7. How big is my IT department and current organizational staff size? 
  8. What kind of compliance and regulatory standards does our organization need to abide by? 
  9. What other departments and positions are needed for risk mitigation? (Forensics, Legal, Compliance, Sys/Network admins) 
  10. Is it better for our organization to utilize consultants or full-time employees? 

 

There are many variables that a CISO has to take into account to acquire the proper team within the organization. This team must be proactive and on top of the latest trends and exploits, while also having a business mindset for quantifying the risks within the organization.

 

CISO Questionnaire


Avenues CISOs can utilize to hire top talent for their organization.

 
Vulsec 
Vulsec has a CISO Marketplace where we can provide access to our partners in lieu of finding full-time support for your organization. By utilizing assessments to gain insights into the weaknesses of the organization, the company is then able to hire the proper people to fill these gaps.
 
National Collegiate Cyber Defense Competition
CCDC captures talent who are used to being in the line of fire, with Capture the Flag-style competitions that pertain to both offensive and defensive capabilities.

 

Door of Clubs
DoC has college talent: individuals with a passion for the industry who are a part of their school's clubs around Information Security, Secure Development, and IT.

 

CyberSN
CyberSN takes a recruiting approach to finding top talent among executives and defensive/offensive individuals who are looking to gain different experiences within the field.

 

 


If you need to hire a CISO for your organization, visit our article: http://blog.vulsec.com/chief-information-security-officer