Finding and utilising the right Interim CISO

Our Head of Contract, Ali Maclean, and InfoSec People’s Strategic Advisor, David Clayden, share their insights on how utilising an Interim CISO can benefit organisations, and why the recruitment process is critical when preparing to hire an interim CISO.

With a combined 50 years of experience placing technical and senior business professionals in Interim roles, we are aware of their worth. They can transform a business, provide valuable breathing space, inject talent, assist in major transformations, and be agents of positive change.

Interims likely have broader cross-sector experience and can be much more effective at initiating and driving change. Once the change is ingrained, perhaps a cheaper and less experienced CISO can step in.

But how do you identify that elusive resource and try to ensure that they are the right fit for your organisation? When attracting an Interim CISO, a job role that has only been around for about fifteen years, how do you make sure you are getting the real deal, and what is the real deal? Do you know what it looks like, and what are the correct credentials for you and your organisation? Is it their breadth of experience, their certifications, a technical or non-technical background, or whether they were previously a CRO, COO, CTO, or CIO? When putting together an interview panel, who do you include, and do you have the expertise internally to adequately assess suitability?

If you had a choice, would you recruit a career Interim CISO or a career Permanent CISO, and are they that different? Would you get better value from an interim CISO with over twenty assignments and a broader range of client experience, or a permanent CISO who has grown in experience at three or four organisations? If we assess the average tenure of a Permanent CISO in the FTSE 250, we are only looking at around two to two and a half years. So, is there a big difference, or is it simply a lifestyle choice?

An interim CISO can be seen as a wrecking ball: someone with a fresh approach who comes with zero baggage, who can rebuild and get things done. They may have a window of opportunity to speak plainly and objectively, with no vested interest in telling people what they want to hear. They are not worried about self-preservation, as they are only in for a specific period before moving on to their next challenge. They are going to investigate areas that may have been left to quietly build up risk, and not all their findings will be good news for the team or the board.

What is certain is that a CISO’s responsibilities are increasing, as well as the regulatory requirements involved in the role. We are likely to see day rates and salaries double or even triple. The entire recruitment process becomes critical, and organisations must make sure those involved in selection are fully qualified and prepared when an interim CISO needs to be identified. Upon completion of their assignment, they should be handing over a well-documented cyber strategy and a senior-level commitment to ongoing training to mitigate risks.

If you’re looking for a new interim/contract opportunity within cyber security, get in contact with Ali Maclean:
Call Ali on 01242 507 900 | 07566 796 049,
Email, or find him on LinkedIn

Utilising Interim CISOs


Adaptability and Agility

Interim professionals are known for their adaptability and agility in rapidly changing business environments. They can pivot quickly to address evolving challenges, making them invaluable in industries prone to rapid shifts.


Interim CISOs often have extensive networks across industries, which can be leveraged for the benefit of the organisation. Their connections can lead to valuable partnerships and collaborations.

Succession Planning

Interim CISO roles can serve as part of an organisation’s succession planning strategy. They can help groom internal talent for leadership roles, potentially reducing the need for external permanent hires in the future.

InfoSec People is a boutique cyber security and IT recruitment consultancy, built by genuine experts. We were founded with one goal in mind: to inspire people to find the careers that inspire them. With the success of companies fundamentally driven by the quality of their people, acquiring and retaining talent has never been more important. We believe that recruitment, executed effectively, elevates and enables your business to prosper.

We also understand that cyber and information security recruitment can genuinely change people’s lives. That’s why we take the duty of care to those we represent very seriously. All our actions are underpinned by our core values:

  • Always do the right thing
  • Be the best we can be
  • Add value

We work with businesses in the cyber/tech arena, from start-ups and scale-ups to FTSE100 and central Government, many of whom are always looking for great people.

Call us directly on 01242 507100 to discuss opportunities or email