For years we have talked about the requirement to make the top security and risk (S&R) role increasingly business-facing, and this is now turning into a reality. Surprisingly, however, we see an increasing number of non-IT security folk stepping up to take the CISO role, often ahead of experienced IT professionals.
These "next-gen" CISOs are commonly savvy business professionals, experienced at implementing change and evolving processes, and adept at dealing with strategies, resource plans and board-level discussions. Their placement into these S&R roles often comes as an unwelcome surprise to those that have been working within the IT security teams; however, we have to recognise that this new breed are simply filling a gap. Unfortunately, although we have talked about the professionalization of the role and the need for greater business engagement, many S&R professionals are still not ready for the leap, and this opens up an opportunity for others to steal their way in.
Make no mistake; this is a significant change in the traditional S&R professional career path.
In 1898 there was the first international urban planning conference in New York. This conference was the first of its kind as it looked to address the challenges of the world’s fast growing cities. It’s hard to contemplate today but the main topic on the attendees’ lips was ---horse dung! That’s right, the concern was that in 50 years time cities such as London would ‘disappear’ due to nine feet of manure being generated by the horses used to transport people around the city. Well, we all know that did not happen and I am happily sitting in the comfort of Forrester’s London office –dung free. Our savior was the automobile and experts did not account for this technological innovation.
Ok, John, so what has this got to do with the future of I&O executive skills?
Last month, I published an update to my 2011 Forrester Wave™ on talent management because the human resource management (HRM) market has experienced tremendous consolidation and many top-rated vendors have become part of other very large organizations. I defined “talent management” as encompassing performance, learning, succession planning, and career development. When I published my current Wave in March 2013, I continued to call it the “Talent Management Wave.” This has caused confusion, because in the past two years, the word “talent management” has morphed to include recruiting, which also has seen incredible growth and change. As the Wave is a deep dive into more than criteria and focuses on 10 vendors, I could not include recruiting within the parameters of the Wave. Recruiting is also very different, with many integrations with small boutique vendors that provide important services. But the questions kept coming: “Where is recruiting?”
I decided that the title, not the content, was the problem. Therefore, this Wave has a new, more representative, title: “The Forrester Wave: Learning And Talent Development, Q1 2013.” This title better describes my effort to showcase the suite vendors that own both performance (often including succession and career development) and learning applications and have devoted tremendous energy and resources to unify the two applications (with various degrees of success). Ideally, this means that a manager can identify an employee knowledge gap and, right from the performance app, select the best learning opportunity that will address the gap, and the activity or course appears on the employee’s individual learning plan. These applications look and feel like one application.