Once upon a time, ATS systems stored millions of stale resumes of any candidate that happened to cross its path. When new roles opened and well-meaning human beings attempted to apply or refer, these systems would mostly say, “Resume already exists in database.” If one were lucky, the ATS would say, “Hey! New resume. Let me replace the old one” and if luck had truly run out, it would save two versions leaving the poor recruiter confounded. Then suddenly, GDPR happened.
The jobs market is flooded with embellished CVs, fake references and dirty data. 86% of employers have uncovered lies or misrepresentations on a resume, and the other 14% presumably don’t look hard enough. Candidate verification is expensive and slow for the recruiter, and off-putting for the candidate – hence why we are witnessing an upsurge in movements like Hiring Without Whiteboards, and a disdain for HR and recruiters in general.
There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at, and what can be expected and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position? and those which can be ignored?
Through this series, we have examined how an incoming CISO can create the conditions to truly make a difference in their new job.
Of course, as we stated in the introductory article, all companies are different from one another and so are most individuals. Each will be at their particular stage in terms of security or managerial maturity.
This is the point when you really get stuck in. By now, you would have been in the new CISO job for about 2 months and it should start to feel less and less like a new job. Of course, this is not really about 100 days, and you should also start to realise it.
This is really the time-horizon over which the new CISO must start assessing their new position. Once again, many of the management tips we will be building up in this series could apply to any executive taking up a senior job in a new organisation.
Many of the management tips we will be building up in this series could apply to any executive taking up a senior job in a new organisation. But the role of the CISO is particularly sensitive in many aspects and has its own dynamics. It is often poorly understood by management and still seen by some as a necessary evil, or as an imposition by auditors or regulators.
In business and particularly in HR we talk about ‘fit’. The right fit for the role, team fit, cultural fit, it’s all about fit and often as people we expect to fit in or try our best to so that we feel a sense of belonging.
Brené Brown talks repeatedly and more so in her latest book Braving The Wilderness about the differences between belonging and fitting in, and that if we ‘fit’ we lose some of our self, some of our authenticity, because to fit, we have to change who we are at the core.
'Culture is how people behave when no-one is watching’. That was the definition used by Bob Diamond, the Chief Executive of Barclays Bank. Under his tenure, Barclays’ employees were found to be rigging the LIBOR rate for which the bank was fined £290mn. I doubt Bob knew that this was going on but he has to take some responsibility for creating a culture which allowed this to happen. It is an example of how the ‘win at all costs’ mentality can have disastrous consequences.
There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at? What can be expected, and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position? and those which can be ignored? Those are the themes we will be exploring in this new series around the specific role of the CISO.
The Person, the Role and the Culture of the Firm