It’s a great time to be a CISO looking for a new gig.
That’s according to Martha Heller, CEO of Heller Search Associates, an IT executive recruiting firm headquartered outside of Boston, Massachusetts, who told IT Brew that she foresees an “exciting” year ahead for leaders in the industry.
“2025 is going to be big for tech execs,” Heller said. “Big, big, big.”
Heller, who has been recruiting IT executives for 20 years, spoke with IT Brew about the big changes occurring in CISO recruitment and the qualities hiring managers are looking for in their next security leader.
The conversation below has been edited for length and clarity.
What trends have you observed in the recruitment of CISOs?
There has been a massive uptick in recruiting for CISOs. We have always done the most recruiting for the CIO role and as of last quarter, our CISO recruitment surpassed our CIO recruitment for the first time in my career of running this firm.
Another trend is that boards are putting pressure on CEOs to say, “Get us a new CISO.” You didn’t see boards drive deep tech recruiting in the past, but they are now. So, that’s a new one.
Something that CISOs on the market should also be aware of: Don’t fear a breach. Increasingly, CEOs and boards that are involved in these searches want to see somebody who has been through an incident so they know how to remediate it. Breaches and incidents are now a badge of experience and a rite of passage, not a stigma.
Are there any specific industries that you’re seeing reach out more for your firm’s help in recent years?
For us, where we’re seeing a lot right now is in manufacturing and big retail. There’s always insurance. We’ve done a couple of CISO searches for insurance.
Do industry awards hold any weight in the recruitment process?
Almost the opposite. There is a belief that I do not corroborate that some of these awards are pay-to-play. You know what is appreciated? Big time certification updates. I would shift the attention from awards to continued learning and participation in the industry through associations and boards.
What makes or breaks a CISO during the recruitment process these days?
Number one, know your audience. If you are talking to a back office CIO, an old school CIO, go nuts on frameworks and foundations. But if you are talking—and hopefully, you want to be talking—to a forward-looking CIO who is without question a transformational leader, think about how security has or can grow the business innovate. Another thing is, it is all about people leadership. You cannot be a good CISO without the ability to tell a good story to people. And then I would really show how relevant you are. If you don’t say “AI” in the first 10 minutes of your interview, you might have lost already.