Pick up any Security Magazine, and you will undoubtedly see a story about the shortage of qualified information security workers. Defensive efforts alone do not just drive the demand, regulators and states alike are requiring all financial organizations to have a person responsible for the information security program. The shortage is increasing the demand for qualified specialists and, as can be expected, driving salaries up quickly.
Hiring a dedicated CISO is not financially feasible for many financial institutions. Looking for responsible options to protect member information and meet regulatory requirements, Credit Unions are looking at options for cybersecurity leadership. A successful CISO must possess both business and information security knowledge. Many Credit Unions are now pursuing a hybrid approach of finding a promising internal candidate whose development is augmented by the use of an external CISO advisor and mentor.
If you chose that approach, use caution when selecting the external partner and mentor. Great mentors have multiple years of experience you can learn from to prevent making the same mistakes others make. Building a cybersecurity function is challenging enough, so if you can skip doing things the hard way, why wouldn't you? A seasoned mentor has been there, right where you are, and has made numerous mistakes that they can now use as a basis for helping others to skip the devastating effects of not knowing. The right advisor/mentor will also be able to bring proven tools, templates, and processes to the organization. Using proven artifacts can cut months off development time and enhance regulatory compliance.
When interviewing external advisors/mentors, use the same diligence, you would if you were hiring the individual. Ensure that you are getting a commitment for an individual, not just a pool of advisors.
In my career, I've been fortunate to have great mentors. I am all about doing things smarter and not reinventing the wheel. My mentors shared many stories about the mistakes made along the way that became learning lessons for me. PureIT CUSO has a world-class offering of Cyber Security Advisors and Services. Visit https://pureitcuso.com for additional information on this critical offering.