Running an Effective Discovery Process

A company searching for a CISO/Head of Security must decide not only where the new hire will report, but also what the scope and expectations of the role will be. These complex decisions are crucial to the company’s success. With so much at stake, how does a company ensure that all of their interviewers and influencers are on the same page?

We’ve developed a unique spin on the discovery process called “Interviewing the Interviewers” or ITI. Our team spends a day or two onsite, meeting with the interviewers and influencers and getting a sense of their perceived evaluation criteria and thoughts on the process. We ask a custom set of questions that relate to the originally spec’d position we were offered (if it exists) and/or what we were told by the hiring leader. The entire ITI process is meant to be swift, personal and intrusive.

After the interviews, we present our findings to the executive sponsor of the search with the goal of establishing a common language and understanding. In the security space, we hear a variety of terms that ultimately describe the same concepts. AppSec and Security Operations are two great examples; we’ve seen at least five different definitions of these terms from client to client and function to function. Our findings eventually become the basis of a thoughtfully constructed position description.

We’ve found that the ITI method is an effective way to discover the true meaning of the client’s target and the best cultural match. Here’s why:

  • Face-to-face time with interviewers and influencers helps us become familiar with everyone’s roles, motivations, and styles while allowing the team to get to know us. While many executives have worked with search firms, most have not worked side-by-side with a search partner. Understanding our value improves the search.

  • Interviewers and influencers get a chance to have their voices, thoughts and perspectives heard. We are able to get each individual’s definition of the role and the evaluation criteria/priorities without influence from others. This is the key element to getting buy-in and calibration.

  • We learn about the client’s environment using an internal lens, which allows us to see the client in their natural habitat. We are able to observe the office environment and culture and make it part of the story. We ask questions to get a sense of the vibe, employee interaction, client organization, and meeting structure.

  • We hear the company’s pitch from a number of people who will interview our candidates. Since most of our candidates are gainfully employed, our clients need to make their pitch crisp and enticing. If the individual, or the company as a whole, is not a strong pitcher, then we want to identify this upfront. From there, we evaluate who should be pitching to the candidates and when he or she should appear in the process.

  • Most importantly, the ITI method gives us data to present to the hiring sponsor(s) to determine whether they can overcome obstacles or beliefs that may challenge the success of the search process. In the end, it is all about executive sponsorship. If we do not have the necessary air cover and ability to influence mindset, then the search is likely to be unsuccessful. We could run the risk of simply finding and presenting a collection of candidates without much advising. When this (rarely) occurs, as an esteemed search legend says, we “Fetch versus Search”. And the results can be drastically different.

Whether it is the ITI method or something different, a strong discovery process from a search partner or internal recruiting function is an absolute. This process sets the stage for how the company will act when faced with difficult alignment questions, scope definitions, evaluation expectations, and overall qualification priorities, and it ultimately determines the success of the CISO/Head of Security role.