Let’s suppose you’ve decided you need to hire someone to manage your cyber security for you.
Perhaps you don’t need to hire a full-time employee (hint: you could use our security manager as a service, for however many hours a week you need), but you do need someone.
Let’s also suppose you have no security personnel in place at the moment. This person will be a solo practitioner, at least to start with. What are your expectations?
Ideally you will discuss this during the recruitment process, but here are some questions to think about in advance, so you are prepared.
9 questions: what will a security manager want to know?
Setting aside any discovery questions about your industry and market, what your business delivers, and for whom—which should be easy enough to explain—the following 9 questions are ones people are likely to ask.
- Are you expecting this person to do security, compliance or both?
  - Follow-up questions might be about compliance requirements, or whether you need to secure sensitive information.
- What are your biggest security (or compliance) concerns?
  - This question is asking whether you’ve done any thinking about particular security risks to your business.
- What security tools and policies do you already have in place, if any?
  - This is a question about how seriously security has been considered so far. Having nothing in place so far will be a different kind of situation to there being a hotchpotch of policies and tools cobbled together over time, which is different again to having a well-structured setup. This is likely to depend on how well established your organisation is.
- What budget do you have?
  - Will they have budget to add any missing security tools to your stack (or another person), or will they have to do this work on a shoestring?
- Who will they report to?
  - How seriously will this role be taken—and have you considered how this will integrate into your existing structures?
- Why are you recruiting now?
  - This question is trying to establish whether you are facing urgent problems right now, and therefore whether they will be firefighting from the outset.
- What are you expecting them to do over the first 30, 60 or 90 days?
  - Have you thought through what you need, or is this role a blank piece of paper?
- What kind of a security culture do you have in place already?
  - How difficult will it be to implement change?
- How will you measure their success?
  - As the old saying has it: what you get is what you measure. This will indicate what your priorities are for this role.
These are probably all questions that your candidates will want to hear the answers to, but there are likely to be others. They will want to understand:
- what’s behind your decision to recruit
- what your current issues are
- whether you have realistic expectations of what is achievable
- and whether the organisation will take their recommendations seriously and act on them.
Whether you know what you need (and why) already or not, give us a call on 0113 733 6230 to discuss our Security Manager as a Service – we’ll be happy to help.