Startup advice: hire a head of InfoSec first

Having a Head of Information Security (InfoSec) can make or break any business.

Hiring a Head of Information Security (InfoSec) is crucial to the success and overall longevity of any business. In the past several years, we’ve seen companies from Yahoo to Target to Equifax suffer data breaches. As mass data breaches become more commonplace, C-Suite executives are now being held accountable. It’s harder to dig out of a hole than it is to prevent falling in it in the first place. Having the right InfoSec lead to help keep your organization secure could be the one person keeping you from getting the kind of publicity you don't want.

This role is not reserved for large organizations. In fact, new companies that truly want to set themselves up for success will find that having a strong InfoSec leader in place from the beginning can help avoid the kind of breaches that can make or break them. This person must have a strong technical background and be a strategic problem solver. They must have a keen security-first mindset and, above all, be an approachable and clear communicator.

Today, business is connected in ways never imagined. Email, productivity software, mobile payment platforms, and many more tools are widely deployed across organizations of every size. Every tool presents security vulnerabilities, and every device is susceptible to some form of attack. It’s those little things you might not have thought about that could leave your organization vulnerable. You need someone looking after each and every one.

Your Head of InfoSec will do more than simply fill in gaps in security infrastructure. They will protect and support customers, clients, employees and partners. The Head of InfoSec advises your leadership team on the needs of the organization to meet each and every compliance and security requirement. Something as seemingly small as leaving your computer screen unlocked could reveal sensitive company information. In this role, she or he would oversee a team that has a 360-degree view of the risks the organization faces and puts the necessary security technologies and processes in place to protect the organization. Empower them to set granular requirements and implement policies that limit risky behavior and you can focus on building a truly successful organization.

No matter the cost, it's worth it. Having a trusted Head of InfoSec in place from the beginning is a significantly more cost-effective strategy than outsourcing the role, especially when you’re trying to deal with a potential security incident. Setting a strong security-first culture will always pay off. This is much harder to do, however, if they are brought in well after the fact.

In terms of how to hire for this position, here's a quick list of the qualities you're looking for. 

  • She or he will know how to effectively build out a team of security professionals.
  • They understand your company and align their practices with your business goals and objectives.
  • Your Head of InfoSec is always one step ahead with the ability to draw lessons from real-world experiences and applied practices from previous roles.

As the saying goes in security, the weakest link in any security protocol is the individual. The real value for your organization lies in concrete strategic training and finding someone who is openly enthusiastic about being a personal resource for everyone in the organization – from the top down.

While the same is certainly true for established enterprises, a smaller organization has a lot to lose if security personnel, systems, and processes are not in place in preparation for a large customer base. Long story short, prepare for success. If you're in growth mode, don't sacrifice security in the name of client service. Growing organizations use just as many work-sharing and productivity tools, meaning sensitive information about customers, staff, strategy and intellectual property must be protected with the same level of care, if not more. Your Head of InfoSec will implement policies for working with such tools without shortchanging security and will then train employees, covering everything from device security and password management to Wi-Fi usage.

Data breaches were an almost daily occurrence in 2017. With the sheer volume of data being shared across a growing ecosystem, InfoSec professionals are trusted with a monumental task of protecting the core of any organization, its employees, customers, and partners. Taking the time to find the person to whom everyone can look to build trust across your enterprise will ensure you sleep well at night.

This article is published as part of the IDG Contributor Network.