What do you call a technologist who is one part Engineering leader, one part Change Architect, one part Business Strategist, and one part Sales/Community Enablement leader?
In the past, a leader who possessed all of these skills would have been the stuff of legend, but today these are the new expectations for a Security CTO.
In the last 18 months, we’ve seen an increased need for this unique leader. We believe the modern CISO-CTO hybrid, with a Product Engineering slant, will be a new consideration for any company building security products or creating an internal arsenal of security services.
Our clients are realizing that they need a special blend of skills to perform in this role; a role that has seemingly become critical to the success of a company’s security posture and narrative. The role requires dedication and a ninja-like discipline to each function. The combined result from a massive proliferation of promising security technologies; the need for organizations to see a return on their substantial security investments; and a desire to collaborate on security approaches within the community (for sales or advancing the company’s security exposure) are all driving this position to the top of the critical hire list.
Let’s break down the makeup of this exciting up-and-coming technology executive.
Driving a clear vision for Security products and services
CTOs are responsible for setting the direction and tone of the company, driving a clear vision of what the company wants, and architecting change for both the company and the community. The challenge for a Security CTO is that the product or service is more difficult to nail down because the Cyber world moves so quickly. Security CTOs need to perform consistently under grace and ensure that their constituents are informed and prepared for the next wave of threats.
Leading Business Strategy in and around Security
This is a new and often vastly different experience for most CTOs. They are tasked to create, develop, and navigate the company through a comprehensive roadmap while executing on a vision. It is assuredly a departure from their traditional function of being the technical SME or primary Architect leading a defined product or development function. Today the Security CTO role is about looking across the organization, recognizing and understanding the project investments that are in flight, and constantly working to ensure that these investments are being validated against the company’s overall strategy. This also means that the Security CTO has to balance defining their impact and creating innovation while being careful not to destabilize the existing bread and butter of the company.
Balancing technical depth with team structure
The Security CTO needs to rely heavily on their own recent hands-on experiences as well as their team of architects, analysts, and data scientists to see beyond the current technology stack and solutions. Navigating a suite of complex converged technologies takes a village. Given the plethora of open source and vendor ecosystem options, the Security CTO needs to possess a broad and deep understanding of the technology evolution that options can offer or limit. He or she is also tasked with the challenge of arranging an effective team of rock stars.
Sales Enablement and Community Outreach
One of the biggest challenges of the Security CTO role is translating the direction of the company’s security posture into a palatable, easy-to-understand narrative for the internal, external, and client community. Many CISOs and CTOs are excellent at some of the skills mentioned above, but it’s rare that one is a true internal and external adviser.
This new breed of CTO needs to see their company’s road ahead and speak confidently with all clients. They need to match their roadmap with the technology evolution around them then take it one step further by listening intently to the community and offering insights. This last part is especially important because it is often the external community that determines the direction of a product path for consumption. If the community feels that the company is not building the right product, or does not have a clear vision of what the market wants, it could spell disaster for the CTO and the company.
We look forward to carefully observing and engaging in the Security CTO evolution. It is these hybrid roles that we as executive search professional enjoy learning about and performing on.