Buyer Beware


Companies are being breached seemingly at will by hackers, malicious insiders, competing companies, and nation states. Companies and consumers seem to be losing the battle.

Sources of this problem are:

  • 83% of organizations have no formal cyber security plan. (Source: National Cyber Security Alliance, 2012)
  • Thousands of breaches have occurred over the last 12 months. (Source: US Secret Service, 2012)
  • 48% of breaches were caused by insiders, which means employees and trusted business partners. (Source: US Secret Service, 2012)
  • 96% of breaches were avoidable through simple or intermediate controls. (Source: US Secret Service, 2012)
  • The average organizational cost of a data breach increased to $7.2 million, and breaches cost companies an average of $214 per compromised record. (Source: Ponemon Institute, 2011)
  • 67% of security professionals are unqualified to do the job. (Source: HP Cyber-security study, 2012)

A successful breach puts the corporation in jeopardy from financial, brand, and reputation damage, at times permanently. A company that does not take security seriously in our globally connected market will suffer, if not go out of business.

What advice is there for companies seeking to hire a Chief Information Security Officer or other information security professional that may increase their success and decrease their risks?


Hire the security executive with verifiable credentials, recognition and industry impact. To name a few points of verifiable interest, look for the following:

  • Has that candidate earned any accredited academic degrees?
    • While a degree does not make or break a security professional, you should want your security executive to have great business and professional skills comparable to other executives, so look for candidates with graduate degrees.
  • Does that candidate have current industry certifications that are appropriate for security?
    • It is pretty standard for security executives to have security certifications. Make sure they are still current and have not expired.
  • Is that candidate internationally recognized by the industry as an expert?
    • Organizations such as the Information Systems Security Association (ISSA), an international organization devoted to security, recognize just a small percentage of security practitioners with the Hall of Fame, Distinguished Fellow, Fellow, and Security Person of the Year awards. Look for these and other reputable forms of recognition to help identify the best of the best.
  • Is that candidate sought after for keynote speaking or other presentations for industry events?
  • Does that candidate have a verifiable track record of affecting business change?
    • You want a security and risk executive who can speak the same language as your other core group of business executives. Look for examples of how this has been accomplished. Don’t overlook published works that illustrate this potential.

Stay secure, my friends!

If you are interested in contacting us for more information about the content and services offered by Your Personal CXO, LLC or for media interview inquiries or aggregation requests, please use the following contact methods:

By phone: 1-762-822-4174