Spotlight on leadership and cybersecurity in changing times

Metin Mitchell, Managing Partner, and guest contributors

Insights


Inside secrets to being a great candidate for an executive search firm
Wednesday, 18 July 2018 14:35

Inside secrets to being a great candidate for an executive search firm

Written by Metin Mitchell

“It’s your job to find my husband a job,” cried out the rather petulant voice calling me long distance from Hong Kong. Today I have no recollection of that lady’s husband, just of the shrill admonition that came down the phone line a few years back. I have thought of it often for it sums up so much and so often what ‘candidates’ seem to think that we, as executive search professionals are in business to do.

So, what do headhunters expect from candidates – and how can you stand out as the one that at least makes the shortlist?

The dos and don’ts of sending your CV to executive search firms

Let me first clear up a misconception, it has been explained before and will doubtless need to be explained again, a candidate for an executive search firm is not someone who sends a CV and hopes that firms like ours will find them a job.  A candidate is someone who has been solicited for a specific role because the executive search firm thinks they are relevant and qualified – and this person has now expressed an interest in the role being put forward by the search firm and is prepared to commit themselves to the executive search process, with all the considerable time and consideration this can take of an executive.

Do executive search firms look at, and take in to consideration, interesting CVs that are sent to them? Of course they do! But for the individual sending the CV, the expectation should be no more than alerting the executive search firm that you are particularly receptive to considering another role. Sending your CV “because I want to explore the market and see what are my options” is not an alternative to your own job search strategy – which might include well thought through targeting of relevant potential employers, leveraging a personal network or skills development. Expecting more than this – for example insisting that the executive search professional see you or expect them to send your CV – is frankly counterproductive.  What does it say about someone if they expect a third party to magically find them a job if they put in no effort of their own? Executive search professionals are not agents for private individuals. They are agents for companies that have retained them to handle a specific executive search assignment.

For real candidates – and I have been privileged over the last quarter of a century, to deal with thousands of highly talented, ambitious and decent individuals on search mandates that I have led– I have a few words of advice and counsel to help the next generation of candidates to get as much as they can from the search firm and the search process that they might be faced with at some point in their career.

Be honest with yourself and the executive search firm

The heart of my advice is about being clear and transparent with yourself and the executive search consultant.

When the first approach comes (by phone, or too often today by email or LinkedIn) feel free to window shop by all means – get the job specification and whatever additional information might be available.  Then take the personal decision on whether you are really truly prepared to invest your limited and precious time in such a process. If you are not, then there is little point in risking a negative impression by short changing yourself, the client and the executive search firm.  Search processes will take more time than you might initially think. In general, you can expect an interview with the search firm, multiple interviews with the client, clarifications of information, sharing of documents and informing referees that they may be contacted (if you become a finalist).

Check – why are you interested in the job?

When you are finally interested in a role be clear with yourself on why you are interested. There can be a lot of legitimate reasons. These may include the company, your ability to make impact, the increased seniority or scope of the role, and the financial rewards. And on financial rewards, it is perfectly acceptable to state that money is an important motivator and it is perfectly acceptable to say that you expect a material increase. What is not acceptable – and the most disappointing candidates do this time and time again – is to make the claim “I am not motivated by money” or “I expect to be paid like the others at my level” and then at the final stage of the process to harm their credibility by attempting to negotiate financial rewards beyond the dreams of avarice. Outrageous expectations of money at the end of the process leaves clients and search firms with a bad taste – and as for the candidate it means that they are less likely to be considered for other roles and their image and good reputation will be harmed.

My closing advice is to stay humble. The most outstanding leaders (in the Gulf think of Sheikh Mohammed bin Rashid or former Oil Minister, Ali Al Naimi), as we all know are those who keep their feet on the ground, respect all people that they deal with  and keep their overall humanity. The same is true for outstanding candidates.

Over the years, one of the most effective tools I have come to rely on when assessing candidates’ level of humility and their likely long term future success is the way they interact with junior people in my team, particularly my administrative team.  The most successful candidates, in all senses of the word, are those who are courteous to my support team, work with them as business partners and remember to say thank you.

Cybersecurity skills shortage – we are trying to solve the wrong problem
Tuesday, 19 June 2018 06:00

Cybersecurity skills shortage – we are trying to solve the wrong problem

Written by Metin Mitchell

There is a global shortage of cybersecurity skills, yet cybersecurity is the fastest growing and most pressing business issue for most corporates.

In all the solutions offered to solve this problem, I don’t believe they are going to help corporates within the timeframes needed – and actually I don’t think they willl solve the fundamental problem.

First, what are the problems?  I then want to look at how various organisations are tackling these – which I don’t think will shift current trends for years. And then I will outline my own thoughts on how organisations can tackle this problem now – there are ways, particularly in banking.

Cybersecurity skills problem is getting worse

CSO Online does an annual survey into cybersecurity skills.  In the 2018 cybersecurity skills survey, not only do cybersecurity skills continue to be the largest problematic skills shortage, but the problem is getting worse, year on year.  In 2013, 23% of the global respondents said their organisation had a problematic shortage of cybersecurity skills – by 2018 this was more than half of all organisations, at 51%.

The impact of cybersecurity skills shortage is increasing

It is probably obvious, but still needs saying.  Because organisations cannot recruit the skills they need, pressure on existing staff is increasing and critical tasks are being pushed down to people who haven’t got the experience needed.

A research report out in December 2017, The Life and Times of Cybersecurity Professionals, by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) gives insights to the problem.

63% of respondents said cybersecurity skills shortage has increased the workload for existing staff, 41% have had to hire junior personnel instead of more experienced professionals, and 41% said cybersecurity professionals spend a disproportional amount of time on incident response and not enough time on planning and strategy. Not surprisingly, cybersecurity professionals do not have time to continuously learn in their job despite agreeing that it’s essential in order to prevent cyber attacks.

This means that many cyber security professionals are a step behind the hackers and fighting fires rather than proactively strategising how to mitigate future attacks.

How is the cybersecurity skills shortage being addressed?

Do a search on this subject and there is no doubt people across the world are scratching their heads and trying wide-ranging activities.  But they will not address this problem for years

How can we fill the cybersecurity skills shortage now?

Cybersecurity is a people problem, not a tech problem. In an earlier blog on The growing shortage of cybersecurity talent, I argued that we need to think outside the box and need a new model of cybersecurity skills at leadership level.

What are the real issues of cybersecurity?  Why is it a people problem?

This blog on the 9 common security vulnerabilities hackers exploit lists them as: mobile phones with ‘admin’ as their password, out-of-date patching, and weak email credentials and phishing.  These aren’t IT issues – they are poor employee practices.

So now to the solution.  And I focus here on the banking industry, where I have particular experience but the principles apply to every sector.

We need to recruit senior bankers who are comfortable with technology, to run cybersecurity.

What is happening at the moment is that some poor IT person tries to explain to the CEO the risks he (or she) is trying to address and the actions and budget they need. The language used is about IT – he can’t translate this into the language of the board to explain the scale of the issue and the investment or action needed.  He doesn’t do it in terms of the legal, commercial and technical aspects – or the risks to the chief executive’s job.

Bankers will look at the bigger picture – those who are used to technology will be able to understand the broad issues and can top up knowledge with specific cybersecurity training. But what they then have is the ability to translate technology into commercial language and risks.  And above all, they then know how to communicate and influence within the business – from board level to operational employees.

And it is this business head plus influencing skills that will make the difference to managing cybersecurity, reducing levels of risk and responding better when issues do arise.

Yes, we still need more people with practical tech and IT skills – but getting senior business people to manage the function is what will make the biggest impact at the fastest speed.

Banking on the Private Cloud: The Pros and Cons
Thursday, 10 May 2018 08:21

Banking on the Private Cloud: The Pros and Cons

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

Did you ever imagine there would be a time when a CEO could lose their job or bonus due simply to a technical issue? In the past week, the CEO of TSB, a major UK bank has come under intense personal pressure to relinquish his bonus and potentially step down from his role. The reason: Somebody messed up the transfer of customer records from the legacy system into a new location.

Read more…

When and Why Clouds Go Wrong
Tuesday, 03 April 2018 09:56

When and Why Clouds Go Wrong

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

Have you ever stopped to consider just how many of the technologies in our lives (and in our businesses) depend on public cloud computing?

Would your enterprise operations be affected if there were a cloud outage? How about your home life?

Read more…

The growing shortage of cybersecurity talent – how bad is it?
Monday, 26 March 2018 13:56

The growing shortage of cybersecurity talent – how bad is it?

Written by Metin Mitchell

This year I am delighted that we have launched our cybersecurity practice to help our clients address one of their most critical issues, that of assessing and sourcing cybersecurity talent.

Read more…

Saudi women – inspiring, leaning in and driving change
Tuesday, 20 March 2018 09:31

Saudi women – inspiring, leaning in and driving change

Written by Metin Mitchell

I have just finished attending the Women in Leadership Economic Forum in Riyadh and come away full of enthusiasm and optimism for what is going on in Saudi Arabia and the future for its very bright women.

Read more…

Does diversity drive innovation?
Tuesday, 13 March 2018 09:08

Does diversity drive innovation?

Written by Metin Mitchell

I am delighted to be on a panel next week, at the WIL Economic Forum in Riyadh, speaking on ‘Diversity drives Innovation – here’s why it works’. 

Read more…

2018 Trends in Hacking and Cybersecurity
Monday, 05 March 2018 09:35

2018 Trends in Hacking and Cybersecurity

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

According to a survey last year (the Fortinet Global Threat Report 2017), over 90% of organizations had experienced at least one attack that used a vulnerability that was over 3 years old. In that same report, it mentions that almost no attacks at all rely on zero day* threats.

Read more…

Two Thirds of Middle East Bank CEOs at Risk of Losing Jobs According to Metin Mitchell Research
Wednesday, 14 February 2018 10:30

Two Thirds of Middle East Bank CEOs at Risk of Losing Jobs According to Metin Mitchell Research

Written by Metin Mitchell

News release
14 February 2018

Two thirds of bank chief executives (71%) in the Middle East could be at risk of losing their jobs because they are not managing cybersecurity risks effectively.

Read more…

71% of Middle East bank CEOs at risk of losing their jobs
Monday, 12 February 2018 12:43

71% of Middle East bank CEOs at risk of losing their jobs

Written by Metin Mitchell

It used to be said that the only certainties in life were death and taxes. To this grim list a third is now added: you will be victim to a cyberattack. No company, no organization, no individual is immune.

The quickest way for a CEO to lose his or her job is to be ill prepared for an attack. How well a CEO prepares and how well their team deals with a cyberattack will all determine whether the CEO gets to keep their job when the bank is attacked.

Read more…

Is there really a cybersecurity skills shortage?
Monday, 29 January 2018 12:59

Is there really a cybersecurity skills shortage?

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

In this blog, I want to provide some valuable insights into the reasons that some firms struggle to obtain the cybersecurity skills they need, where others seem to have no challenge drawing in the right expertise.

Read more…

Cyber security – where is the skills gap in organisations?
Wednesday, 17 January 2018 13:02

Cyber security – where is the skills gap in organisations?

Written by Metin Mitchell

I was delighted to see a recent survey that young adults in the UAE are more likely to consider a career in cyber security than their peers elsewhere in the world. While it is heartening that the world – and especially the UAE – is waking up to the issues and the skills we need, it got me thinking about how cyber security careers are developed and a gap that I don’t believe is being addressed.

Read more…

Page 1 of 4