Overworked CISOs: Gartner sees threat to IT systems

Tips on efficiency and employee management

Gartner analysts believe that by 2025, nearly half of IT security executives will change jobs and as many as 25 percent will leave the industry due to overwork, stress and burnout. In this context, the analysts also believe that by 2025, more than half of all incidents in IT security will be related to the skills shortage that has been fueled in this way.

So CISO for the Americas Pete Nicoletti, of Check Point, a cybersecurity solutions provider, has been thinking about how to address this challenge that Gartner sees, and has put together some tips to help IT leaders reduce the burden. First, IT decision makers need to work closely with their employees and determine what tools are working. They also need to figure out if work time is being wasted on ineffective tasks and put tools in place here instead. You have to take some time with each employee, sit next to them to know what they are doing, how they are doing it, where they need help or what is not working. Additionally, senior management needs to be aware of all security projects and risks, and conversely, the security department always needs to support business initiatives.

“Keeping an eye on employee satisfaction on a personal level as well, by taking care of unhappy employees and helping them quickly, is another great way to keep employee morale high.“

Jonathan Fischbein, CISO,
Check Point Software Technologies

Employees need generous vacation and flexible working hours. However, you need enough employees to be able to handle this. The IT decision-maker himself must ensure that employees are not bothered by work while on vacation, but can switch off. In addition, training programs and certification of professionals should always be improved - trained employees work much better than untrained ones. Projects can be made fun and they can even be fun with rewards when certain goals are achieved.

Security personnel should go through all job functions to receive cross-training and raise awareness of all roles. IT decision makers should identify employees with significant baseline knowledge and have this documented. After that, other employees should attend training and those employees should be able to take several weeks off so that there is no critical dependency on one or a few individuals. It also needs a succession plan. For more information, visit: checkpoint.com