Tips for Personnel Management for Office (2019)
For better productivity and boost your company sales you need best Personnel Management. This blog explains 50+ best Personnel Management Tips for Office. Having the right team focused on the right tasks at the right time yields optimum performance.
We describe some best practice techniques that executives can include in their processes for recruiting, retaining, rewarding, and managing talent in the Cyber Age. We also give recommendations on how to apply that talent as you organize for success.
Personnel Management Tip 1:
FINDING THE RIGHT FIT
Having a great strategy complemented by great plans, policies, and procedures gets you absolutely nowhere without the right people, properly trained, with the right attitude, in the right positions doing the right jobs.
As an executive, one of your principal responsibilities is to select and align the right talent to execute your organization’s mission. Throughout your career, you likely have seen the negative effects wrought by ill-prepared employees or ill-fitting personalities being overmatched by difficult tasks.
In today’s highly competitive market where organizations like yours rely on cyberspace capabilities to gain and maintain competitive advantage, you can’t afford to have ill-prepared employees or ill-fitting personalities. You have to build a team that delivers results that are effective, efficient, and secure.
Further, you have to make sure that you align the right talent to perform the right jobs. For example, too many times, we have seen organizations delegate information system administration duties to individuals who did not have the technical skills to handle the assignment adequately.
Often, the systems were misconfigured, resulting in frustrating downtime and outages affecting the organization’s effectiveness and efficiency.
We believe managers manage “things” while leaders lead people. As an executive, you need to be both a highly skilled and capable manager and a dynamic and proactive leader. In today’s information-enabled environment, the challenges of knowing who to hire, who to fire, what jobs to assign, and who to assign them to become increasingly complex.
You need to continually invest in technical training and education for both yourself and your employees to stay relevant and best postured to succeed. You need to know how to organize your team to best manage and protect its information.
This blog will give you the tools you need as you determine who and what are the “right fits” for your business. We will present you with information regarding the assignment of roles and responsibilities you should consider when determining organizational structures.
It will provide you with the information you need to educate and train your workforce to make sure they are hardened against cyber threats.
We’ll also remind you of cybersecurity concerns that are of special importance to executives in general and detailed considerations for executives operating and managing critical infrastructure. The knowledge conveyed will better posture you and your team to be “cyber smart.”
Personnel Management Tip 2:
CREATING THE TEAM
When people are asked about teams and teamwork, their minds frequently gravitate to the world of sports. Ask someone to tell you about a great team and they likely will tell you a story about a sports team.
They will tell you about a group of different individuals from different communities and circumstances who came together, blending their skills to achieve a common purpose.
They may even tell you about those on the team who didn’t get the spotlight as they subordinated their personal opportunities for glory in exchange for the team’s success. We bet you are thinking of a couple examples of great sports teams right now.
Would you describe your business and its employees this same way? Is your organization the first great team that comes to your mind when people ask you to identify great teams?
We submit that every business, whether it is a multinational conglomerate, a small- to medium-sized business, a partnership, or even a proprietorship, relies on team-work to succeed.
Isn’t your business comprised of a variety of different people with different backgrounds and skill levels all contributing toward a common purpose? Don’t you have some people who selflessly sacrifice for organizational success?
Teams are especially important in today’s highly complex information-enabled environment. If you don’t think of your business and its employees as a team, perhaps it is time to change your thinking and do something about it.
Just like sports teams, your business has specialists who contribute their unique skills and talents to make your business succeed.
You may even have your “Top Gun” salesperson that you dispatch to handle your most important clients. What about your IT staff? Are they the long snappers in your organization? Perhaps, they aren’t.
But we submit they indeed are specialists, they aren’t your “long snappers” who just come for a couple of plays. Instead, they are in on each and every play and, if they are successful in their jobs, they remain invisible and anonymous, much like Jon Kolb.
Personnel Management Tip 3:
Picking the Right Leaders
You may have a great group of individuals and even have the best strategy, but if you don’t have the right leaders, you are destined to fail.
During your professional career, you probably have seen some very successful and profitable companies suddenly take a nosedive and flounder when they put the wrong person in charge. We have too.
The person may not be bad, but if they are not the right fit, not qualified for the position, and do not possess the right leadership skills, their failure is almost certainly guaranteed.
As the boss, one of the most important assignments you will have is picking the managers and executives to execute the corporate strategy and grooming those who ultimately will take your place.
With your business’s reliance on information growing every day, hiring executives who do not understand nor appreciate IT is a losing proposition. With e-commerce, telework, office automation, mobile computing, robotics, computer-controlled manufacturing.
And a host of other information-enabled activities emerging at the forefront of business today, your C-suite and subordinate executives must have a thorough understanding of not only technology but also how to leverage it to create stunning victories every day.
Do all of your executives need to be technical experts? Of course not. In fact, we submit that sometimes it is better to hire a great executive with proven leadership skills who can be taught to understand information technology than it is to hire a technical expert and expect to transform him into a great executive and leader.
Nonetheless, you can’t afford to hire executives who fail to show the interest in or appreciation of information technology. Likewise, you want to steer clear of those who are dismissive of cybersecurity; you can’t afford them in your ranks, let alone permit them to be in charge.
Your executives not only have to be great managers but also they have to be great leaders. Leaders and their attitudes set the tone for the organization.
If your strategy calls for your organization to be information enabled and values cybersecurity to protect its vital information, you cannot afford to have leaders who do not embrace that strategy wholeheartedly.
We recommend you include focused questions on information and cybersecurity as you interview candidates for your executive positions.
Does the candidate make unsolicited mention of cybersecurity as being part of their management and leadership philosophy? Does the candidate view cybersecurity practices, training, and tools to be unreasonable burdens or normal and prudent costs of doing business? Does the candidate believe information is an asset with an intrinsic value?
Does the candidate demonstrate that they practice secure computing in both their home and office lives?
With information and information technologies continuing to take a predominant role in business, you need executives who lead efforts to safeguard your information.
Your executives need to be savvy in their professional and personal lives. You would shy away from selecting executives who have a bad reputation for unacceptable behavior such as excessive drinking, gambling, and even caustic personalities. Now, you may include how they conduct themselves in their online activities.
Many companies now comb the Internet and social media sites to vet their prospective executives and employees to see whether they have any embarrassing or inappropriate information on the net. While some people see this as an invasion of privacy, we view it as an essential business hiring practice.
You don’t want nor can you afford to hire executives whose web presence serves as a potential embarrassment to your organization. Individuals who protect their personal identities and sensitive information are more likely to protect your business’s vital information too.
An essential skill for executives in today’s information-enabled market is the ability to recognize and quickly act upon opportunities presented by information and IT. Consider businesses that decided to migrate to web pages as their digital storefront, offering lower-cost offerings available anytime, around the world.
They recognized the value proposition that such e-commerce presents as traditional brick-and-mortar store-fronts with expensive staffing, facility expenses, and other overhead costs could be replaced by a web presence that is always open, always available, no matter where the customer is located.
Companies such as Amazon and eBay were early adopters of e-commerce, while those who lagged and relied on traditional stores such as CompUSA and Circuit City did not survive.
Do you want executives who are visionary and seek opportunities to leverage the power of IT to gain a competitive advantage? Does your candidate have the proven ability to translate great vision into practical success? Is your candidate a technology innovator or troglodyte?
We recommend you make continuing professional education a priority for your executives, and when selecting the skills you want to enhance and nurture, make sure you include courses that emphasize cybersecurity.
There are many excellent courses and seminars run by major universities and professional organizations that are now beginning to recognize the importance of information assurance, information security, and other monikers that apply to the cybersecurity realm.
How do you know which course is best to meet your needs? First, determine whether the course content is aligned with your business strategy. If the course espouses principles that are consistent with your strategy and your core values, it is a contender. Second, consider how the course addresses information.
Does it present information as a valued asset that should be managed, controlled, and protected like other valued corporate assets? If so, it remains a contender. Third, does the course have a specific block of instruction dedicated to cybersecurity? If it does, it sounds promising.
Fourth, is the course a good value that fits into your budget and promises a good return on investment? If all four criteria are met, you likely have a winner worthy of your investment.
Finally, you need executives who can tell the difference between a slick salesman’s snake oil story and ground truth. Sadly, there are many people in the IT business who overpromise and underdeliver. Select executives who can pick the winners and dismiss the losers. Successful executives are curious and ask the right questions.
They do their homework and research alternatives and options before making decisions. They collaborate with experts when the topic exceeds their area of expertise. They seek other opinions and recommendations from others.
They seek to understand and appreciate technology before they make commitments to it. They are cautious when asked to be the first adopters of technology and processes. They aren’t afraid to say, “Prove it,” when presented promises of fabulous returns.
Personnel Management Tip 4:
Create Hire-Right Profiles
Dating and interviewing have a lot in common. Both are about getting to know one another better and can lead to a long-term relationship. This courtship can become something very special—a fulfilling and nurturing partnership that meets the needs of all involved.
Applying my Hire-Right Profile, a process for creating a blueprint for who is the best fit for a job, made sense as the place to start. My greatest concern in using my hiring profile for romantic purposes was that it would turn to date into a cold, dispassionate exercise.
Personnel Management Tip 5:
Adding Your Hiring Criteria
Whether you’ve interviewed hundreds or a handful of people, those experiences will shape your Hire-Right Profiles. Also, your observations of past and current employees who have succeeded and failed in the role will provide valuable details as to what makes or breaks a good hire. The following questions will uncover those details.
What are the common assets of employees who have succeeded in the job? These assets include an employee’s skills, experiences, values, education, helpful behaviors, and personality features.
As you consider potential Dealmakers, think about all of the assets of people, including past and current employees, who have succeeded in the role. Which skills and previous work experiences do they have in common?
When comparing their personal values, behaviors, and personality features, which ones were integral to their success in the role and compatibility with your culture? How did their education impact their ability to perform well in the job?
Look for patterns of assets. Assets common among successful hires are Dealmakers. Assets appearing in only a few people are Boosts.
What are the common deficits of employees who have not succeeded in the job? These deficits include unhelpful behaviors, counterproductive actions, conflicting values, and negative personality features.
Using the same process you used for Dealmakers, look for patterns among the deficits of people who failed, or who are currently failing, to meet expectations. Each deficit that shows up consistently is a Dealbreaker; deficits that appear in only a few individuals are added to the quadrant of Blocks.
In addition to Dealmakers, what other assets were exhibited by top performers?
The more Boosts a candidate has, the more likely she will consistently perform well in the role. You’ll uncover some of these answers in the first question about Dealmakers.
An in-depth review of top performers in the job will uncover additional Boosts. Think about what was truly unique about each individual who did exceptionally well. Which skills did they have that others did not?
What experience did they bring to the company that was different? What differentiated the personalities and behaviors of these top performers from everyone else? Every additional detail about these noteworthy employees becomes part of the list of Boosts in the lower left quadrant.
In addition to Dealbreakers, what other deficits were exhibited by employees who were mediocre performers?
Blocks are attributes that, individually, don’t typically cause someone to fail. However, the more Blocks someone accrues, the greater the chance he will struggle. Even when a candidate has every Dealmaker and none of the Dealbreakers, Blocks can undermine assets.
Carefully review past and current employees whose job performance was disappointing. You’re looking for hires whose tenures were nothing spectacularly good or bad. What were their negative attributes? List each attribute that is not already noted as a Dealbreaker in your Blocks.
Ask your colleagues, such as your boss and employees that report to you, to independently answer these same questions. Watch for patterns among the details as you compare their input. Traits that appear three or more times in your collective answers to each question should always be included in the correct section of a completed profile.
Your HR or talent acquisition department can be a helpful resource when creating Hire-Right Profiles. Colleagues in those departments who have been closely involved with your team should be asked to answer the four questions.
Also, many HR departments maintain files of performance reviews of past and current employees. These should be perused as well, looking for assets and deficits for inclusion in the Hire-Right Profile.
Existing Hire-Right Profiles can be used as templates for new jobs in the same department. Traits are often transferable for a new role, especially those that relate to values, helpful behaviors, and personality. Additional skills, experiences, and education can be identified using a variety of different resources, including:
• Friendly competitors who are open to an exchange of ideas.
• Job postings for similar roles at other companies; these can be found on company websites and on job boards.
• Websites that provide lists of job descriptions; examples include:
Personnel Management Tip 6:
• Membership in an HR, staffing, or employment-related association may include access to job description templates. For instance, SHRM provides its members with dozens of sample job descriptions on their website.
• Profiles on LinkedIn, especially details that people list about their job experience and skills.
When you create and use Hire-Right Profiles for each role in your company, you gain significant advantages over people who hire by gut alone. Employee selection is done subjectively, based on accurate criteria.
Your emotions, rather than running the show, are balanced with facts and logic. Instincts and gut feelings inform sound decision making versus being the primary selection method.
More important, faith in the process, versus fear of making a bad choice, allows you to make fast and accurate hiring decisions. Instead of losing talented people to more nimble competitors, Hire-Right Profiles allow you to secure top talent and fill open seats in an instant.
Personnel Management Tip 7:
No two companies are exactly alike, even when they’re in the same industry. Job titles vary, as do the skill requirements and interpersonal traits that best fit each organization’s culture. As a result, no two Hire-Right Profiles end up exactly alike, even when comparing similar roles at different companies.
There are, however, role-specific assets that often get overlooked, and should appear in almost any company’s Hire-Right Profiles. Here are three examples of such roles and their matching assets:
Role: Executive Leadership
Asset: Helicopter Leadership Skills
Executives who have successfully maneuvered between a 30,000-foot understanding of the marketplace, a 15,000-foot strategic viewpoint and a ground-level perspective of the daily operations of their company are said to be “helicopter leaders.”
They make better decisions. Helicopter leadership allows them to combine a visionary outlook with current realities to create smart strategies.
Asset: Professional Humility
Humble executives acknowledge their own limitations, rather than being driven by an unhealthy ego. Their self-awareness and healthy self-confidence allow them to surround themselves with people who have strengths and abilities they themselves lack.
Asset: Inventor Mindset
Executives with an inventor mindset view failures as opportunities. They encourage those around them to leverage mistakes as a chance to improve capabilities and deepen relationships.
Asset: Collaborative Curiosity
Curious salespeople ask better questions. They get to know their buyers and their needs, taking time to uncover detailed information. This creates lasting relationships built on trust and understanding.
Asset: Fearless Tenacity
Over 80 percent of deals close after the fifth contact with a prospect. Fearlessly tenacious salespeople are the ones who keep showing up, knowing that every “no” moves them that much closer to the next buyer who will say “yes.”
Asset: Tempered Impatience
Impatience in sales professionals can be a virtue, but only if it’s tempered with a focus on the greater good. Salespeople with tempered impatience are motivated to help customers improve their circumstances as soon as possible. They’re driven to build and maintain mutually beneficial relationships.
Role: Customer Service
Problem resolution is vital to excellent customer service, as long as it doesn’t go too far. People who have a proven track record for setting boundaries in a kind and compassionate manner deliver service that’s respected and remembered.
Asset: Collaborative Compromise
When customers require help, savvy customer service pros avoid trying to resolve the situation on their own. Instead, they collaborate with customers, remembering that two heads are better than one.
The world is filled with people who care too much about how they’re seen by others. Such people-pleasers focus on their own likability. Outcome-achievers strive to create a positive outcome for all parties, knowing that compromise is more potent than popularity.
Your Hire-Right Profiles must reflect your organization’s values, needs, and culture in order to be useful. When considering these recommended traits for your roles, review each one carefully, making sure they fit your specific needs and culture.
Personnel Management Tip 8:
Trust the Process
When we began working together, Sharon Strauss was no stranger to using hiring profiles. Strauss is vice president of client services at Vitamin T, a global talent agency that serves creative digital professionals.
She came to me, wanting to improve Vitamin T’s hiring process for internal staff. “Our biggest challenge, hands down, was getting our staff away from hiring with their gut,” she said. “If they really liked someone, they wanted to hire that person, even if there were indicators that she was not the best fit.”
It took a few minutes over the phone to walk Strauss through the structure of the Hire-Right Profile. The familiarity of a four-quadrant table and the straightforward labels for each quadrant make it simple to share this with anyone, anywhere.
After outlining the structure for her, Strauss took it from there. She filled in each section and, along the way, discovered several key insights. “Identifying Dealmakers was relatively easy. Once I started listing those, it was hard to stop.
They flowed from my head to my hand to the paper. When I moved on to Dealbreakers, I initially found myself listing the opposites of my Dealmakers. That’s why using the four questions to guide the process was important. As I refocused on the deficits of employees who had not succeeded in the job, identifying Dealbreakers became easier.”
The simple design of these candidate blueprints has allowed Vitamin T to implement a standardized hiring tool that can be used companywide. In rolling out Hire-Right Profiles, Strauss quickly learned how the tool would make their good selection methods better.
That’s one reason why it’s vital to include your colleagues in creating these profiles. As you use them, make sure you’re able to confirm that candidates have all of the Dealmakers and none of the Dealbreakers.
Follow the plan and don’t let your personal feelings overrule the obvious. And be sure to follow the ‘rules,’ especially the one about never changing the details in the midst of the interview process.”
Personnel Management Tip 9:
Using Completed Hire-Right Profiles
Once completed, Hire-Right Profiles shape the remaining steps of the Talent Accelerator Process. The following four rules will help you get the most from your completed profiles:
Rule #1: Never Change Hire-Right Profiles in the Midst of Interviews
When a candidate seems to be a great fit but is missing one Dealmaker, it’s normal to want to adjust the profile to match the person. The same is true with Dealbreakers—but each one was listed for a reason. Sticking with what’s on a Hire-Right Profile ensures that you hire logically instead of emotionally.
Rule #2: Use Hire-Right Profiles as a Checklist, Providing One to Every Person Interviewing a Candidate
Hire-Right Profiles ensure that your team misses nothing. How? Each interviewer checks off criteria they witness during their interactions, confirming that prospective new hires match every Dealmaker and have none of the Dealbreakers.
Rule #3: Update Hire-Right Profiles to Increase Their Accuracy
Each round of hires can provide details that improve the accuracy of future Hire-Right Profiles. Review the performance of new hires two to three months after the start of their employment. Use their successes and struggles to add details to the profile.
Rule #4: Be Specific
Specific criteria are easier to understand and identify than generalities. For instance, listing a “drama-filled life” as a Dealbreaker might confuse interviewers. It’s too ambiguous. Instead, describe specific behaviors, such as “complains daily about the latest difficulty or injustice.”
Personnel Management Tip 10:
Facts Over Feelings
During my “interviews” with potential relationship partners, my Dating-Right Profile made it easier to know who did and didn’t fit my needs. But that was just the start; it helped me through each step of the dating process.
It served as my guide on who to date, informed the questions I asked of each person, and ensured I never compromised my values nor allowed my emotions alone to run the show.
Your Hire-Right profiles will do the same for you. You’ll rely on these candidate blueprints in each step of the Talent Accelerator Process. They’ll guide you in selecting resources for procuring better talent. You’ll use them to write compelling content for employment ads and job postings.
They’ll help you craft provocative questions that elicit the details needed to make accurate hiring choices. Hire-Right Profiles help you get away from hiring by gut. Facts become more important than feelings, resulting in hires who do good work.
Personnel Management Tip 11:
Incorporating Hire-Right Profiles into your selection process takes minutes when you follow these steps.
Prioritize Your Jobs
People often choose one of two paths to begin: the easy road or the vital one. The easy road to creating your first Hire-Right Profile is by picking a familiar role, one where you and your colleagues have lots of hiring experience. You may elect the vital path by choosing a job that is especially important to your company or department. Neither path is wrong.
The most important thing is to make a choice and create your first profile, knowing that making progress is more important than choosing perfectly.
Create Your First Hire-Right Profile
Use the four questions for adding your hiring criteria to complete each quadrant. Start with the top half of the profile. If you find it easier to start with Dealmakers, begin there.
What if you’d rather start with Dealbreakers? Go for it. After completing the top half, move on to the bottom portion for Boosts and Blocks. Write down everything that comes to mind, knowing that you can move items, delete criteria, or add information at any time. Keep focusing on progress, not perfection.
Personnel Management Tip 12:
Involve Key Colleagues
Select at least three colleagues to independently create their own Hire-Right Profiles for the same role. Ideally, this occurs at the same time you’re creating your own version.
When three other colleagues aren’t available, look outside your company. This could include vendors or service providers who’ve interfaced with people in the role for which you are creating a Hire-Right Profile.
Research When Needed
Use resources, such as the job description websites listed in this blog, when creating Hire-Right Profiles for new jobs. You may also find these resources helpful if you are stuck when trying to complete a profile for an existing role.
Personnel Management Tip 13:
Compare and Combine
Review your Hire-Right Profile alongside those of your colleagues. When a trait appears three or more times, that detail should always be included in the correct section of a completed profile.
Follow the Do’s and Don’t’s
Don’t change Hire-Right Profiles in the midst of interviews or use vague labels. Do create Hire-Right Profiles that are used as checklists by each interviewer, updating them 60 to 90 days after each round of hiring. Keep your candidate blueprints current, refreshing the content as the needs of your company evolve.
Step #2—Improve Candidate Gravity
Personnel Management Tip 14:
Generate a Continuous Flow of Quality Candidates
Not all recruiting methods are equal. Some give you outstanding candidates for a modest effort. Others are labor intensive, producing hundreds of people, many of whom are a poor fit. Using the correct recruiting methods is essential if you want to efficiently hire better employees.
Picking the best talent-finding options can be a challenge. There are lots of ways to recruit, including job boards, social media, advertising, and requesting referrals. New innovations, improved technologies, and an expanding range of service offerings are added every year.
Some talent resources require a sizeable investment. Marta, a talent acquisition executive for a large financial institution, found this to be the case with job boards. She couldn’t believe her eyes when her company’s primary job board sent her a renewal quote. The same level of service was going to cost nearly double.
Personnel Management Tip 16:
Plan and Produce
Waiting until a job opens to search for talent keeps you stuck in the old way of hiring. Many organizations hire in this manner, duking it out with one another over a limited candidate supply. Often, they’re fighting over leftover third-tier talent.
“Passivity is our problem,” said Marta. “When we wait to recruit, our results are inconsistent. We sometimes find decent people. Other times, we don’t. We end up battling other organizations for the best of the three ‘un’s’—the best of the unhappy, unemployed, and underqualified. It costs us too much time and effort.”
Shifting from reactive to active recruiting is an important step to hiring faster. However, recruiting actively isn’t enough when you’re searching for quality talent in a sea of “un’s.” You need a clear distinction between qualified and unqualified candidates.
Marta incorporated the Hire-Right Profile, working with hiring managers to create a clear picture of who was the best fit. She used that information to write improved posts for the job board, adding details that had been previously overlooked.
The Hire-Right Profile also guided her in selecting better ways to recruit. “Never again will I be left flat-footed,” she said. “Relying heavily on our primary job board has never been a good idea. Our poor results prove it. We need a constant flow of candidates if we’re going to eliminate hiring delays.”
By the time she finished explaining how they would be cultivating top talent and waiting for the right job to show up, the recruiters were like a sports team ready to take the field.”
This is a plan and produce. You create a plan to produce a continuous flow of qualified candidates. That flow is generated by tapping into an expanded pool of talent. The strength of your company’s pull on top talent is called “candidate gravity.”
Personnel Management Tip 17:
Drawing in people is a critical function in business. Stores that don’t attract enough customers fail. Restaurants that don’t fill tables close. Gyms that don’t sell enough memberships fold. Companies with a weak pull on prospective job candidates always struggle to fill their open jobs.
Candidate gravity is the pull your organization has on talent. This pull may be weak, drawing in an insufficient supply of candidates; inconsistent, coming in ebbs and flows; or strong, generating a consistent stream of people. Companies with strong candidate gravity always draw a stronger flow of top talent their way, leaving second- and third-tier candidates for everyone else.
Eight streams of talent generate candidate gravity. Each one taps into a different pool of people.
Talent Stream #1: Advertising
Job ads are one of the oldest forms of recruiting. Yet, running such an ad isn’t necessarily an old-school approach. Campaigns place targeted advertisements in the results of an Internet search engine.
Banner ads on web pages are often viewed by hundreds of potential applicants. Numerous online magazines, newsletters, and classified ad sites offer you the ability to advertise job listings.
Old-school promotion still works. Each week, millions of people peruse job ads in printed publications. Flyers on bulletin boards at schools and houses of worship continue to attract applicants. Signs on buses and benches create awareness of job opportunities.
Advertising works when it delivers a persuasive message to the appropriate audience. Your ad content must be compelling and succinct, communicating to readers what’s in it for them to pursue a job at your company.
Talent Stream #2: Automation
Technology can generate talent and streamline your recruiting. Job boards and career sites come in many sizes and specialties. Sourcing systems find candidates for you. Automated telephone calling services alert job seekers to opportunities. Other recruiting tools find passive candidates or mass distribute job postings.
Talent Stream #3: Candidate Mining
The longer a company has been around, the more resumes fill filing cabinets and databases. Many are covered in real or digital dust, having been overlooked for years. The resumes in these files are a rich, renewable source of potential hires and people who can provide referrals.
Mining this untapped pool of talent is a simple exercise. Methodical searches of databases convert old resumes into new leads. Working through a filing cabinet a few files a day reestablishes contact with potential hires and referral sources.
Searching for previous candidates in applicant tracking systems could uncover prospective employees and networking contacts.
Talent Stream #4: Market Presence
Your company has a presence. This presence is created by your physical locations, online identity, organization’s reputation as a place to work, and overall standing in the community.
Market presence can draw in top talent. Storefront signs can convey organizational values. Websites can share stories of how employment at your company has lifted careers. Videos on social media can highlight where your organization stands on important issues.
[Note: You can free download the complete Office 365 and Office 2019 com setup Guide.]
Talent Stream #5: Networking
In the old days, if you wanted to network, you had to leave your house. You’d drive or fly to a conference, job fair, or reception. Today, you can also network virtually. Social media, online communities, and comments on articles have all become places for us to connect.
Getting the most from networking requires participation in both the physical and virtual worlds. Joining conversations on a discussion board before a conference leads to meaningful interactions at the event.
Staying in touch with people on social media after a job fair may deepen relationships. Attending cocktail parties at the local chamber still offers opportunities to meet people who aren’t active online.
Colleges and schools are prime territories for connecting with talented people who have fresh perspectives. Full-scale networking taps into a wide stream of people who can become your job candidates and provide referrals to top talent.
Talent Stream #6: Referrals
Referrals have always been the most potent talent stream. One person can guide us to many others, pointing out who’s particularly good at a job.
We have many opportunities to ask for referrals to potential job candidates. Current employees, along with their family and friends, can connect us to thousands.
Every candidate interviewed by your company can be a source of introductions to colleagues and friends. Reference checks also provide us ready-made opportunities to ask for help with referrals.
Talent Stream #7: Talent Manufacturing
Job candidates aren’t just found; they’re also made. How? Through “talent manufacturing” programs like internships and education, which provide potential hires with experience and new skills; and cross-training programs, which provide current employees with the skills needed for advancement. Of all the streams, talent manufacturing is the most underutilized.
Talent Stream #8: Talent Scouts
Actors on stage and screen have agents, professionals who land them their next roles. So, too, do people in every profession. Staffing firms and recruitment agencies are external corporate talent scouts, providing contract workers and full-time hires.
The staffing industry has evolved into an entire ecosystem of services to help your company procure one person or an entire team of people.
Only 10 percent of organizations across the globe maintain strong candidate gravity. Why? They maximize all eight of the talent streams; the other 90 percent do not. If you want your company to have stronger candidate gravity, you must identify where your pull on talent is weak and improve those areas of weakness.
Personnel Management Tip 18:
Improving Candidate Gravity
Answers to common questions will show you how the process of improving candidate gravity works:
1. Why is our candidate gravity weak or inconsistent?
It’s important to remember that each talent stream gives you access to a different group of candidates. Some of the talent streams provide overlapping access to the same candidates, but no single stream can secure every qualified individual.
If your company is experiencing an inconsistent flow of qualified candidates, you’re not using all eight streams effectively.
Marta’s talent acquisition team wasn’t in the habit of asking everyone for referrals, nor were they regularly participating in networking opportunities. Improving these two streams brought in top talent they hadn’t previously found using their primary job board.
2. How does our organization improve a talent stream?
Improving the flow of talent in each stream requires choosing the correct methods. For example, there are many automation options, including products from Indeed, LinkedIn, Monster, and CareerBuilder.
Referrals can be generated using different techniques, such as querying current employees or asking for referrals during candidate reference checks. Picking the correct methods, in the form of resources and techniques, maximizes the flow from each of the eight streams of talent.
The recruiters on Marta’s team began asking for referrals in every reference check. They also launched different referral initiatives, including asking for leads from current and past job candidates, internal staff, and the friends and family of team members.
3. What makes a resource or technique the right one for us?
Finding qualified people for a specific role requires tapping into the groups of people who may fit the role. Hire-Right Profiles will guide you in choosing methods for producing prospective employees from these talent pools.
The Hire-Right Profile Marta created for one of the company’s core roles, financial analysts, including two important Dealmakers: Active industry connections and strong verbal and listening skills. Recruiters researched options for finding people with these Dealmakers, looking for possibilities among the talent streams they weren’t used effectively, including networking.
They found several monthly networking opportunities widely attended by financial analysts that fit the bill.
4. How do you know you’re using a resource or technique properly?
That’s simple. If a resource is giving you a flow of qualified candidates, some of whom become good hires, you’re using that resource correctly. An inconsistent flow from a resource indicates that you’re likely making a mistake.
Two recruiters in Marta’s firm generated a flood of financial analyst candidates from referrals. The rest of the team, in comparison, was drawing a trickle of talent. The success of the two recruiters stemmed from how they were asking for referrals. They made specific requests, based upon whom they were speaking with.
Currently employed financial analysts were asked for referrals to colleagues at other firms. Requests of internal staff were focused on who they’d like to see join the company. Once the rest of the team adopted these practices, everyone had success in bringing in a steady flow of candidates from referrals.
5. Do we really need to use all eight streams to achieve strong candidate gravity?
Most organizations find they need to use all eight to maintain a strong talent flow, especially since each stream draws in candidates unique to that stream. Small companies, though, are the exception.
As long as they leverage the most potent stream—referrals—smaller organizations can often generate a robust flow from four or five streams. The leveraging of this selection of talent streams is handled by managers, an HR leader, the business owner, or a combination of these individuals.
Marta and her team initially found the idea of using all eight streams overwhelming. In a short time, they discovered that employing all eight streams takes less effort than relying on only a few. Why? They were drawing candidates from a wider audience rather than struggling over a limited pool.
Maximizing each talent stream creates a continuous flow of talent. How do you create and sustain this flow? By using recruiting methods correctly, consistently, creatively, and completely.
Personnel Management Tip 19:
The Human Aspect of Referrals
Why are referrals such a potent source of talent? Human nature. We were built to help each other.
Altruism, our default factory programming, is why requesting referrals works. Each person we ask gets to help three people—their colleagues, us, and themselves. They get to do what they were born to do.
Are you in the habit of asking everyone for referrals? Probably not. Many people haven’t developed the habit of asking for this type of help from every person they meet. Rather than viewing this as a natural human activity, you may believe it’s an imposition or that the person being asked won’t know anyone.
In politics, we often hear about the power of the people. In business, there’s also a power within individuals—the power of their network. We are more connected than ever through the Internet and social media. Hundreds if not thousands of contacts are within our reach. That’s why asking everyone is important: We never know whom someone may know.
How can you ask for referrals without sounding awkward or needy? Here’s a simple four-step approach:
Step 1: Ask for help.
Requesting help taps into your shared humanity.
Step 2: Explain why.
Briefly explain why you are asking. Understanding your motives makes it easier for people to be supportive.
Step 3: Define who.
Be specific. People have lots of contacts. Asking for referrals for a specific type of person helps them search their vast mental Rolodex.
Step 4: Make your request.
Ask a short open-ended question to solicit their recommendations.
Put together, the four steps could sound like the following:
“May I get your help? I’m responsible for finding people who may fit our company—now or in the future. That’s why I’d like your help. I’m looking to connect with people who have a background in [INSERT AREA OF EXPERTISE]. Who do you suggest I speak with?”
Personnel Management Tip 20:
The Four Cs
Why does a recruiting method fail to supply enough talent? Often, the method gets the blame. However, it’s usually the people who have failed to use it properly. To generate a flow of talent that’s continuous, each recruiting method must be used correctly, consistently, creatively, and completely.
Correctly: Is the Method Being Used Correctly?
There’s a right way and a wrong way. The right way (often referred to as a best practice) is the one that gives you the best results for the least effort.
Take job boards, for example. Marta’s team previously spent hours sifting through job-board resumes of people who didn’t fit. This unstructured and exhausting approach produced only a handful of acceptable candidates, never enough to fill all of their open positions.
Marta and her team eliminated the need for all that mindless sifting by planning ahead. They posted positions on job boards before the real need came up. Dealmakers from Hire-Right Profiles were added to better communicate who should apply. The number of matching candidates grew as the volume of applicants decreased.
Personnel Management Tip 21:
Consistently: Do People Use It Consistently?
Properly using a recruiting method that fits your circumstances always increases the flow of talent, as long you apply that method consistently. Lack of consistency is the most common issue among the four Cs.
The referral initiative developed for Marta’s team focused on consistency. Called “Engage Everyone,” the initiative operated on the belief that every individual knows at least one person who could be a potential employee or source of candidate leads.
This effort paid off: 85 percent of people provided at least one referral. Four new hires generated from Engage Everyone started with the company within two months.
Personnel Management Tip 22:
Creatively: Are They Using It in Creative Ways?
Marta noticed that networking and referrals were generating the strongest flows of candidates and the newest hires. To leverage this success, we designed the “Collaborative Community” campaign. The goal was to partner with leaders in centers of worship, community organizations, and other groups that provide help to their members.
Leaders in many of these organizations were happy to participate. Job notices were placed on bulletin boards, announcements were made from pulpits, and recruiters were invited to attend a variety of events. Leads from a Collaborative Community led to a dozen hires during the campaign’s first six months.
Personnel Management Tip 23:
Is the Method Being Used Completely, to Its Full Capacity?
An improved flow of candidates in a talent stream can have unintended consequences. It’s normal that you’ll become satisfied with better results and overlook untapped potential.
Marta collaborated with her firm’s marketing and PR department as part of her sourcing strategy. Together, they fortified the company’s market presence. Videos of new hires sharing about their job successes were posted on YouTube and social media.
A podcast series was launched featuring employees sharing heartwarming stories about their tenure at the company.
The website was upgraded, making it easier for qualified candidates to have immediate contact with a recruiter. Each of these methods proved beneficial, keeping the company top of mind and generating quality candidates.
During a progress review meeting, Marta proudly reviewed the successes resulting from their enhanced market presence. I congratulated her on this progress and asked when she planned on leveraging her company’s physical locations as a recruitment method.
A contest soliciting inspirational quotes from employees provided content for banners and signs, which were displayed inside and out of the company’s physical locations.
These drew in additional candidates, one of which became one of the best hires of the year. “Had we continued to overlook using our market presence to its full capabilities,” said Marta, “we wouldn’t have found that candidate.”
Personnel Management Tip 24:
Increasing Your Organization’s Candidate Gravity
Given all the ways to recruit, the thought of using more of them may feel overwhelming to you. That’s normal. You’re probably already managing a full desk and a packed calendar. The thought of doing one more thing may seem impossible.
Improving candidate gravity takes time, but less than you might expect. Expanding one talent stream at a time immediately draws in new candidates. When you’re ready to move to the next stream, you do so, expanding the capacity of each at your pace. After you implement recruiting methods, managing them becomes part of the daily routine.
This is why candidate gravity works in organizations of all sizes. It meets you where you are today and grows at a pace that works for you. Over time, the stronger flow from each talent stream increases candidate gravity, providing more candidates with less effort.
A timeline will help you stay on track and eliminate being overwhelmed. This tool defines deadlines, allowing you or your entire team to allocate time appropriately. The sample was similar to the approach used with Marta’s team. Every month was focused on improving a different talent stream and the methods that fed that stream.
Prior to the beginning of each month, the four Cs were applied, allowing Marta to guide team members on what to improve and how to improve it. Specific actions were planned for each week of the month, such as adding referral generation to phone interviews one week and then to reference checks the following week.
Eliminating empty seats and long time-to-fill is all about people. The people in your company have to know who fits a job, and who does not. Then, talented people are lined up before they are needed. Strong candidate gravity supplies those people, empowering your company to cultivate qualified candidates and then wait for the right jobs to show up.
To improve candidate gravity, take the following steps.
Review Your Core, Essential, and Supportive Roles
I suggested prioritizing your jobs into three categories: core, essential, and supportive. Now is a good time to review and update your priority list before planning your approach to improving candidate gravity. The importance of some roles compared to others may have changed as market conditions and the needs of your company have changed.
Update Your Hire-Right Profiles
You’ll use your Hire-Right Profiles to pick appropriate recruitment methods for improving talent streams. Ensure that Hire-Right Profiles are up-to-date and accurate before choosing any methods.
Understanding the current strength of your company’s candidate gravity is important. A brief assessment will inform your efforts as you plan your improvement timeline.
Determine how many of the eight streams of talent are producing a strong flow of people. For any that are not, look at which recruitment methods are being used to add candidates to that stream.
Are those methods being used correctly, consistently, creatively, and completely? Your goal in taking stock is to understand where your candidate gravity needs attention.
Personnel Management Tip 25:
Pick Your Recruiting Methods
Different methods will provide access to different groups of people. Use your updated Hire-Right Profiles to pick these methods.
Ask your vendors of hiring technologies (like job boards and automated sourcing tools) for details on the effectiveness of their resource for your specific needs. Solicit proof, not promises.
Whenever possible, request a free or low-cost evaluation period to experience how much effort is required in using the resource.
Spend some time noticing how your competitors are using their market presence to draw in candidates. Surf their company web pages, video, and podcasting sites, and social media. Note ideas that you can borrow. Drive through town, paying close attention to how organizations use their physical location to attract job applicants.
Collaborate with your colleagues inside and outside your company for additional recruiting methods. Share and practice the four-step referral conversation, noted earlier in the blog, with your colleagues. Ask for their suggestions for local networking opportunities, advertising media, and quality talent scouts.
Also, ask the people you recruit where they hang out. To which groups do they belong? Where do they get their news and share ideas online? Ask for invitations to join them at networking events.
Personnel Management Tip 26:
Create a Timeline
Choosing the order in which you’ll improve each stream will allow you to coordinate schedules and resources.
Where should you begin? Pick the stream that will immediately improve the flow of talent for your top core role. Address the other streams at a measured pace, allowing enough time to incorporate each into a regular recruiting routine.
Apply the Four Cs
The four Cs should guide how you improve each talent stream. Make certain everyone involved in using a recruiting method understands how to use it correctly. Define what constitutes consistency in employing that method.
Schedule regular brainstorming sessions to develop and share creative ideas. Ensure that people are using the method completely, getting the most from their efforts.
Spot-check the flow of each of your talent streams a few times a month. Apply the four Cs if the flow drops, so you can swiftly address the problem.
Personnel Management Tip 27:
Enroll Everyone in the Recruiting Effort
Improving candidate gravity is a team effort, especially when it comes to increasing the flow of talent in your referral and networking talent streams. Everyone in your company is connected to hundreds of people. Ask for their help to actively network and request referrals.
This requesting of referrals start with the senior leaders. When senior leaders actively seek referrals, their leadership positively infects the rest of the company.
Personnel Management Tip 28:
Create New Twists on Old Ideas
When recruiting, the third C, creativity, allows you to innovate. Experimenting with new twists on different methods keeps recruiting interesting and talent flowing. One of the easiest ways to develop new approaches is by combining techniques. Here are three examples that combine networking and referrals:
• Candidate recycling: Invariably, good people will apply for jobs that don’t suit them. Rather than casting these people aside, why not offer to introduce them to your colleagues at other companies?
• Zombie searches: Your resume files and candidate databases are likely filled with hundreds, if not thousands, of “lost” candidates whose contact details have become invalid.
Rather than declaring these as dead ends, these talented prospects can be brought back to life using online search engines (such as zabasearch.com or http://pipl.com).
• Orbiting businesses: Whether it’s a dry cleaner, sandwich shop, or florist, retailers strategically position themselves near centers of business. Ongoing networking with these establishments can attract their foot traffic as your future employees.
Personnel Management Tip 29:
Keep Asking the Most Important Question
As your candidate gravity increases, keep asking: Are we generating a continuous flow of qualified candidates, some of whom become good hires, from each stream? If not, use the four Cs to resolve the issue.
ESTABLISHING PERFORMANCE STANDARDS
Many executives believe they are successful if they meet their performance targets for the year. Nothing gets your attention more than your performance standards. Failure to achieve established goals can result in a change of scenery for you and the organization, so there is strong motivation to do well and meet “your numbers.”
We advise you to exercise wisdom and sound judgment when your employees permit bad actors to penetrate your cybersecurity shield. Is this person one of your star performers? Was it a lapse in judgment and common sense, did it fit with a long-term pattern of carelessness, or was it an accident? Can you afford to live without this person?
If you exhibit compassion for one instance, do you dispense justice fairly and evenly to all thereafter? Demonstrate wisdom to your employees. Show them that there are consequences for mistakes and hold them responsible, but don’t let intransigence stand in the way of intelligence.
Many companies are now struggling on how to determine cybersecurity success. How do you factor that into your annual “numbers”? How do you create meaningful cybersecurity performance standards that can enhance your business?
Determining measures of success is essential for any job. Everyone wants to know what the boss wants and how they will be measured for their performance. If you don’t tell your employees what you value and what you expect them to do, they will give you what they believe is best and expect to be rewarded based on their own criteria, not yours.
That is unacceptable for all parties. Be clear that you expect certain cybersecurity-related performance measures to be included in their annual performance plan. As with most performance standards, make them feasible, achievable, suitable, and measurable. (We bet you thought we were going to say affordable. Standby, that discussion is coming.)
We hope you get our point. We believe that you can sharpen your organization’s focus toward cybersecurity by incorporating it into your performance standards. Focusing on cost, schedule, performance, and (especially) business effects can drive home the point that proper cybersecurity practices have value in nearly every process and product in which your company is involved.
Linking pay to performance multiplies this effect many times over. When people know they will be rewarded for cybersecurity success and face consequences for cybersecurity failures, chances are very good they will give you their best effort.
As you seek to develop a corporate culture that values cybersecurity and cyber hardens your workforce, consider incorporating cybersecurity into performance standards and link pay to performance. We believe you will get people’s attention and they will respond exceptionally well.
Personnel Management Tip 30:
Who is responsible for cybersecurity in your organization?
Actually, if you asked employees in many organizations who run their corporate cybersecurity program, they may tell you the name of the corporate sponsor, that is, the executive who administers and manages corporate-wide activities that promote cybersecurity.
In some companies, the program is managed by the CIO, while others delegate those responsibilities to the CISO. We are aware of several companies who assign cybersecurity programs to the CSO and a very few who assign it to the CRO.
Each company is different and assigns roles and responsibilities based on several factors including strategy, corporate cultures and values, company size, organizational goals and objectives, and the capabilities and personalities of their executives.
All things being equal, we submit that in a perfect organization (perhaps yours?), the cybersecurity program would be “owned or sponsored” by the CEO and managed by the CIO. This is because cybersecurity touches each and every activity in your organization.
When the CEO stands up in front of the employees and says, “This is so important that I personally am its champion,” and backs their words up with leadership in the activity (including holding subordinate officers accountable for promoting the program), people take notice and respond accordingly.
After all, people tend to work the boss’s problems first. If your organization is trying to develop a culture of cybersecurity, we suggest no more powerful signal of the value the corporation places on the effort than the CEO adopting the program as his or her own and actively promoting it.
With the CEO as the champion of the cybersecurity program and every employee responsible for their piece of it, you still need someone to manage it.
We believe the CIO, who has responsibility for shaping and controlling the corporate information environment, is the best-qualified position to manage the corporate cybersecurity program.
Through the creation of plans, policies, and procedures; architecture development; and the selection of tools that create, manage, monitor, control, and store information, the CIO is at the heart of nearly all business activities.
Furthermore (as previously discussed), the ideal CIO has the managerial experience and technical credentials to manage a cybersecurity program effectively. Supported by a capable and credentialed CISO and the CEO serving as the organization’s cyber security champion, the CIO leads a powerhouse team.
Managing an effective cybersecurity program involves more than publishing policies, conducting annual cybersecurity auditing, training, monitoring intrusion detection systems, managing firewalls, and sending out occasional email reminders about the importance of cybersecurity.
Unfortunately, that’s all a remarkable number of companies do when it comes to cybersecurity. With the number of cyber incidents continuing to rise in volume and severity, you and your organization need to invest wisely to ensure you best manage your cyber risk.
For example, consider your organizational finances. Many companies convene Financial Review Boards chaired by the CFO to review organizational expenses. One of the more common agenda items is a review of whether items of expense produced their desired results. Is cybersecurity an agenda item in these financial governance sessions?
In the organizations we’ve been affiliated with, it often is but determining whether cybersecurity investments are effective often is difficult to grasp. Nevertheless, if the organization approaches cybersecurity much as it does insurance, these meetings tend to be more fruitful and yield better decisions.
Consider also how risk decisions are made. As previously discussed, many companies establish risk committees as part of their governance structure. These committees evaluate the risks facing the company and establish the risk appetite of the firm. Does your company have a risk committee?
Is cybersecurity on the agenda during these committee meetings? Who makes the decision to accept cybersecurity risk in your organization? We recommend you make it perfectly clear how risk is managed in your organization because no doubt the board of directors will be acutely interested in how you answer these questions.
The type of organization, its culture, and its values are key factors in determining the governance structure for cybersecurity programs. Secure leadership/ownership at the highest levels is necessary to reinforce the importance of safeguarding your information. Make sure everyone knows that cybersecurity is their responsibility.
TRAINING FOR SUCCESS
Investing in cybersecurity training for your employees can save your business more than money. It can save your brand reputation. When employees are not properly trained, they often devise methods and procedures on their own and the results are not predictable, effective, efficient, and secure.
When your employees don’t understand the need to practice cybersecurity methods at home and the office, they are more likely to expose themselves and your organization to risks. Much is at stake. Cybersecurity training for all employees is a wise investment that you can’t do without.
Information Every Employee Ought to Know
We’ve already shared a significant amount of information that you ought to include in your employee training program. It is important to train every employee on basic cybersecurity principles and techniques so that they have a solid understanding of the threats, vulnerabilities, and risks confronting them and your organization.
They should know what they should do to protect the organization’s information and thus their own vital interests. Demonstrating how the individual can be personally affected is a powerful technique to reinforce the importance of the subject.
Therefore, we recommend you include a section in your corporate training on how to protect yourself at home as well as how to protect the organization.
We believe that a strong cybersecurity posture in the employee’s home computer system is essential to effectively manage your corporate risk. For example, if they are working for you in the evening on a project that you and they enjoy, that’s a good thing.
However, if they have been lax in protecting their home computer and have a device riddled with malware, then that spreadsheet they created at home and transferred to a thumb drive probably will be plugged into one of your “clean” computers and unwittingly spread throughout your network.
Hence, computer safety does begin at home. We suggest that you continually invest in training your personnel to be sensitive to cybersecurity and the proper use of computers. We have found that training that applies well at home and the office positively reinforces learning.
If employees understand their vulnerabilities at home, they will relate more easily to the need for attentiveness at work. As telecommuting and home commuting become more popular, the likelihood of a compromised home computer infecting the company network increases dramatically. Elsewhere in this blog, we articulate policies and procedures that apply.
Don’t make the mistake many organizations do by getting lazy at the top. Your training should apply to every employee, from the Chairman of the Board to the newest hire in the mail room. Every employee shares in the responsibility to maintain a solid cybersecurity posture because a mistake by someone most likely will be felt by all.
Make it policy that cybersecurity training is mandatory for every employee. Lead by your example, and don’t exempt yourself because of your busy schedule. Schedule your cybersecurity training as you would any other important meeting. Check to make sure your employees take their training as well.
Follow-up when they don’t. Make satisfactory completion of their training a performance standard.
You may be asking yourself what your cybersecurity training program should look like. You are not alone as many people ask us to help them establish their cybersecurity training programs.
For example, we have a CEO client who recently asked us to give our cybersecurity training to his employees. We tailored our presentation to his organization as all training should be put into a meaningful context to deliver the maximum positive effects.
Nevertheless, there are some common items of interest that we recommend you include in your training programs.
Rather, we propose an outline you should follow as a basis for training your employees to properly understand cyber risks and equip them with the knowledge to respond appropriately. Follow this training program and you will have a workforce that is not only “cyber smart” but “cyber hardened” as well.
Personnel Management Tip 31:
Your Cybersecurity Leaders
One of the things that you need to do as a leader is to remind your employees that cyber-security is everybody’s responsibility.
This is at the core of building a corporate culture that values cybersecurity. Your cybersecurity programs, training, tools, and procedures do not belong just to one individual or department; they are the responsibility of everybody, including you!
Nevertheless, many organizations assign executives responsibilities for activities that cut across multiple products and business lines. These executives are responsible for policies that govern functional activities and provide oversight that makes sure the policies are appropriately followed in execution by personnel across the organization.
These executives provide sponsorship and ownership of cross-cutting activities. Financial, security, and risk management are examples of these types of cross-cutting activities. Cybersecurity is another.
There is no single best practice organizational structure determined to optimize cybersecurity in business. While many organizations align sponsorship of cybersecurity programs under the chief information officer (CIO), we’ve seen others who place it under the auspice of the chief information security officer (CISO), the chief security officer (CSO), or the chief risk officer (CRO).
We’ve even seen several companies place it under the COO or the CFO. The type of business you run and the corporate culture of your organization will guide your selection as to which officer is best suited to sponsor the cybersecurity program in your business.
We recommend you consider aligning the management of your cybersecurity programs to your CIO with your CISO serving as a direct report. CIOs are responsible for the information of the business.
If they do their job correctly, they are thinking and acting beyond the IT systems; they are focused on the process that creates, consumes, manages, stores, and protects the information that is such a valuable part of your business.
Too many times, we have seen CIOs who become bogged down with the acquisition or management of software and IT systems while losing sight of the fact that these are complementary tasks supporting the management of information, which is truly the heart of every CIO’s job. Your CIO should be responsible for managing the entire life cycle of your business’s information, from creation to destruction, including its protection.
Because the CIO is responsible for the effectiveness, efficiency, and security of information throughout its lifecycle, we recommend you consider aligning the CISO as a direct report to the CIO.
The CISO provides the full-time focus to manage the programs and operational activities required to protect your information properly.
We view this as a subordinate role to the CIO, who manages the entire spectrum of activities governing your information. A CIO without a CISO is a person ill-equipped to properly do their job.
Similarly, a CISO not working in concert with the CIO often is viewed as a competitor, resulting in needless friction that adds drag to your organizational processes and production. You don’t need that kind of heartache.
As senior executives, we make a point of thinking strategically, including with succession planning. We look for promising young executives who we can groom to take broader and more important roles in the future.
We are looking for someone who has the skills and experience to prove themselves worthy to take our place when we decide to step aside (or move up). We believe that there is a great opportunity to grow future CIOs from your CISOs.
In fact, given the increased importance of information in your business, we believe that CIOs not possessing a thorough grasp of the skills required of CISOs are not adequately prepared to manage the full spectrum of information management successfully.
We recommend you consider placing your potential future CIOs into CISO positions, where they will gain the necessary mastery of cybersecurity practices, policies, and procedures that complement your business and protect your information. These are essential skills that a CIO must have. If the candidates are unsuccessful as CISOs, they definitely will be unsuccessful as CIOs.
CIOs and CISOs share common technical education and training requirements and experiences, yet the CIO’s experience base is arguably much broader than information security.
CIOs must master information management, information security, software and hardware operations, system acquisition, architectures, and a host of other technical and managerial functions. This places CIOs in an ideal position to serve as not only the CISO’s boss but also as a mentor.
CIOs typically have a broader view and can help provide the leadership to focus the CISO on providing value-added and practical security constructs that are appreciated and adhered to.
Many of our clients ask what type of credentials and experiences we recommend that senior executives such as the CIO and CISO have to ensure they have the skills needed to lead contemporary IT organizations effectively.
While there are a host of certification and credentialing programs now available, we believe there are two cybersecurity credentials that are “must-haves” for both your potential CIO and CISO candidates, the Certified Information Systems Security Professional (CISSP) and Certified Information Systems Manager (CISM) certifications.
The first is the CISSP certification issued by the International Information Systems Security Consortium (ISC2) organization. It is considered as the more technical of the two certifications, and we regard it as a must-have for CISOs and highly desired for CIOs.
Many senior executives look at the CISSP certification as they do a Professional Engineer certification. Members possessing the CISSP certification have undergone a grueling six-hour examination that tests the candidate’s knowledge in all ten domains. CISSPs must demonstrate five or more years of experience in protecting information and information systems.
They subscribe to a professional code of ethics that promotes the safe and ethical use of IT. Further, they must maintain their currency through continuing professional education. When you hire a CISSP, you can have confidence they have demonstrated technical expertise in cybersecurity.
The second certification, the CISM certification, is issued by the ISACA organization. While the CISSP credential program is more technical in nature, the CISM program focuses on the effective management of information systems using contemporary security principles and best practices.
Like CISSPs, people with the CISM certification pass a comprehensive test that ensures they have the requisite technical and managerial knowledge, have to demonstrate years of experience in the professional management of IT systems and have continuing professional education requirements. The CISM certification is highly recommended for CIOs and CISOs alike.
Is one better than the other? Do you need both? Do you need to even have a certification? Frankly, there are numerous CIOs and CISOs operating without these credentials, and many of them seem to be doing just fine.
However, with the ever-increasing cybersecurity threats continuing to mount, are your CIOs and CISOs adequately equipped with the skills and experience to excel in the coming years? Do you want to hire or retain individuals who are not prepared to adequately manage and defend your information?
We believe the current and future threat environment demands that your CIOs and CISOs need to maintain a professional cybersecurity certification. If your CIO and CISO already have their credentials, terrific! Make sure they maintain their currency through continuing professional education.
Invest in them by sending them to courses and seminars that enhance your business objectives. If they don’t have their credentials, ask them, “why not?” Consider including achieving certification as a mandatory performance objective in this year’s performance plan.
If you make technical credentialing and experience a requirement in selecting your senior technical business leaders, you also send a message that gives hope to your technical workforce that with the right combination of technical prowess fused with managerial and leadership excellence, they can someday rise to the C-suite.
This helps keep your best technical talent, provides invaluable stability within your staff, and builds loyalty and trust. When you establish a career path for your staff that potentially leads to a C-suite position, you set a solid foundation that pays rich dividends in strengthening your cybersecurity program.
Picking the right CIO and CISO is critically important for your organization. Not only do they need to have the technical expertise to effectively perform their jobs, but they also have to be great partners and leaders.
They need to understand the business processes across the organization and look for opportunities to enhance business functions by innovatively leveraging information and IT to gain or maintain your competitive advantage.
Many of our clients ask us to identify attributes we look for in selecting potential CIOs and CISOs to be great “cyber leaders.” Frankly, CIOs and CISOs are executives who have to have solid technical credentials yet possess the same talents and leadership skills we expect of any other executive. We seek those who have demonstrated attributes that include the following:
The ability to lead people and manage projects
Thorough understanding of the business and how technology enhances it
The ability to plan and forecast strategically and tactically
The ability to communicate clearly across many different audiences and cultures
The ability to adapt and perform at high levels in a variety of new and different positions (e.g., career broadening)
We’ve spent considerable time discussing your CIO and CISO, whom we consider your principal cybersecurity leaders, but what about your other executives? Aren’t they also cybersecurity leaders?
Cybersecurity is about risk management, and both the CRO and the CSO have a huge stake in maintaining a solid cybersecurity program. It makes sense that they too should have experience in protecting and defending information.
Like your CIO and CISO, you should consider recurring cybersecurity training for your CRO and CSO. Perhaps more than other executives in your organization, their duties call for a broader and deeper understanding of threats, vulnerabilities, and the tactics, techniques, and procedures needed to minimize risk.
While they don’t need the detailed technical knowledge of your CIO and CISO, they need to be able to speak and understand the same language. We recommend you consider investing in specific cybersecurity training for your CRO and CSO.
Having leaders who are “cyber smart” helps your business immeasurably. Executives who are well informed and understand the risks and opportunities facing your organization are much better postured to make the right decisions that yield success.
As you look to pick the talent for those who lead your cyber security efforts, we strongly encourage you not only to pick great executives with terrific leadership skills but also to pick the ones that are established technical leaders with the right certifications and qualifications.