Structural barriers to development
Taking on the cybersecurity leader role is not just about individual skills, the way many companies are structured keeps mid-level security leaders from getting the experience they’d need to move into a CISO role. Myers points to several systemic problems that make effective succession planning tough.
“For a lot of cases, the CISO role for the top job is still pretty varied within the organization, whether they’re reporting to the CIO, the CFO, or the CEO,” she explains. “That limits the strategic visibility and influence, which means that the number two doesn’t really get the executive exposure or board-level engagement needed to really step into that role.”
The issue gets worse because of the way companies are set up, according to Myers. CISOs often oversee a wide range of responsibilities, risk, compliance, governance, vendors, data privacy and crisis management. But cyber teams are usually lean and split into narrow functions, so most deputies only see a piece of the picture. That limited view makes it hard for them to be seen as truly ready for the top job.
