Attracted to disaster: Secrets of crisis CISOs

In the aftermath of a security incident, new CISOs are often appointed to take over and lead through the chaos. Here are the skills and traits experts say these crisis CISOs need—and how to prepare yourself to rise to the occasion.


Stephanie Benoit-Kurtz spent much of her career taking jobs where the priority is crisis cleanup.

“I’m brought in when organizations don’t have what they need and they need someone to figure that out,” she says. That means assessing cybersecurity capabilities, pinpointing problems, and closing gaps. The work makes her, in her words, “a nicely paid janitor.”

Benoit-Kurtz and other security experts like her have plenty of opportunities for work, with high-profile breaches and hacks pushing CEOs and boards to hire new leadership, hoping that the top-level switch-up will set their organizations on a better course in the aftermath of a disaster.

SolarWinds, for example, hired former CISA chief Chris Krebs and former Facebook CSO Alex Stamos as consultants in early 2021, shortly after the discovery that Russian hackers had compromised the company’s software and used it as a pathway to launch other attacks.

Twitter hired Rinki Sethi as its new CISO in September 2020, following the high-profile breach the social networking site had suffered in July.
