Peace is a Painting, War is a Mirror.


Dynamic capabilities allow organizations to adapt and address industry changes like digital transformation. Learning, although broad, is crucial to any business capability model. Generated organizational knowledge presents itself in new patterns of activity that can successfully solve problems for the business. Learning helps in recognizing dysfunctional routines and preventing strategic blind spots.

As security leaders, it is our responsibility to anticipate and prepare for future changes, and to think strategically in order to plan and execute initiatives for business success. We understand the likelihood and impact of cybersecurity and technology risks and seek to reduce those risks to securely enable the business. It is not just about what capabilities to prioritize; it is also about what skills are needed to recruit, hire, and retain cybersecurity talent to reduce cyber risk.

CISOs focus on the risk. We should prioritize hiring based on critical business risks and what knowledge and skills are required first to secure the business. Many organizations still lack the cybersecurity basics, skipping the fundamentals – yet we have a skills gap, demand gap or talent shortage within the industry?

If we were to apply a risk-based approach to untapped cyber talent in the form of a business capability model, a CISO would then have a prioritized list of roles for which to recruit, hire, and retain value protectors. This leads to:

  • Increased efficiencies through operational innovation, which allows the business to remain competitive and continuously improve in response to emerging technology or threats while still executing your company’s strategic vision.
  • Achieving business goals by creating and sustaining a competitive advantage that stands out in the market with training and upskilling as a critical success factor.
  • Creating not only a strong security culture, but leading initiatives that transform businesses in response to changing needs or market conditions. This can influence the way stakeholders interact and plays a major role in attracting and retaining talent.
  • Assessing how effectively our security program aligns with business goals and overall strategy by benchmarking your service delivery capabilities against set standards and best practices (or identifying areas of improvement).
  • Calculating the monetary value returned to the business as a result of your capability-building learning activities, better known as the Return on Investment (ROI).

We need to become better business partners, linking our next generation of cybersecurity professionals to our desired outcomes and addressing the what and how.


Disclosures and disclaimers: Everything I write here reflects my personal views alone, unless explicitly stated otherwise.

© 2016-2023 Inject Security