Thom Langford at Publicis Groupe is a LAZY IDIOT--Here is why
Can't believe this guy is a CISO. Apparently, he has connections somewhere, because it cannot be on merit and management skills.
There are so many different areas in INFOSEC that to be so narrow when it comes to hiring professionals is idiotic (to put it mildly).
For instance, a person without at least 3 years of security experience will take 2-4 years to become proficient in penetration testing and red team skills. This doesn't include the huge costs associated with training. On top of salary, you can expect to pay in excess of 60K.
I don't mind providing individuals right out of school a chance to prove themselves; however, I wouldn't make an entire INFOSEC organization full of them. Even so, I want to see some background displaying computer skills beyond OS configuration and administration.
Now the LAZY PART--Let's not forget one of the jobs of a CISO... and this is to ensure those who work in INFOSEC are motivated to accomplish a common goal.
If you have an expectation, then ensure employees have the resources (training, systems, etc.) required to do the job in an efficient manner. Don't expect them to become overly creative and find ways to apply Band-Aids.
If, as a CISO, you find a good percentage of INFOSEC employees aren't meeting your expectations, then first look in the mirror... and ask yourself if you're doing everything you should.
If you're unable to motivate and provide leadership, then it's time someone else filled the CISO role, because you're spending too much time on the golf course or trying to impress those in the corporate board room.