Roland Cloutier is stepping down as global CSO to become a strategic advisor to TikTok’s CEO. The clock is ticking on the CSO succession plan.

The best time to do succession planning was last year. But the next best time is right now.

The news this morning that Roland Cloutier is stepping away from the TikTok Global CSO role may or may not be surprising. After all, Roland joined TikTok a couple of years ago, around the same time that TikTok was dragged into some US political maneuverings. At the time, it wasn’t clear if Roland was going to be their CSO-for-life, or if his role was to guide TikTok through a transition and build an excellent foundation for its security future (I guess we know now).

Anyone who interacted with TikTok at the RSA Conference this year probably noticed something different. Unlike most buyers, TikTok showed up in full force. In addition to having one of the best RSAC parties I’ve ever been to, they ran their own mini-conference, simultaneously using it as a recruiting event and as a vendor education opportunity. Where most CSOs hide their staff from vendors (after all, who wants even more unsolicited outreach), Roland set his team out in front. They explained what their day jobs were, and the language of security that TikTok used. I asked Roland about it during the mini-conference, and he noted that if vendors actually had value they could provide, this would let them more clearly articulate it to TikTok staff; and that vendors who just spammed out their own templates would more easily be filtered out.

Roland’s LinkedIn post announcing his move spends more time talking about the leaders he developed than his own achievements. Having met the leaders in question—Kim Albarella, Andy Bonillo, VJ Larosa, and Will Farrell (no, not that Will Farrell)—I can say all of them are potentially CISO material, and I look forward to seeing the impact they’ll each have over their careers.
The timing of Roland’s role change is interesting, though, from a career development perspective. One of the hardest tasks a CSO has is to give opportunities to the next generation of leaders to develop their skills and accumulate successes in their own right. When the CSO is always there in the wings, all too often the accomplishments of their team are diminished and attributed in part to the presence of the CSO. The result is that when that CSO leaves an organization, the company is quick to replace them with an already-accomplished executive, ignoring the amazing talent that the CSO spent years nurturing. Alternately, when a CSO stays too long in an organization, their staff wonder if they’ll ever be given an opportunity to progress, and frustration can lead them to depart, whether or not they are ready to do so.

With Roland moving into an advisory role, there is hopefully no urgency today to replace him as Global CISO, especially with the recent creation of TikTok’s US Data Security team (I look forward to the dance-fight for the rights to the acronym with the US Digital Service). This window, as TikTok assesses what their needs are from a future Global CSO, will give Kim, Andy, and Will the opportunity to demonstrate their own abilities. Maybe one of them will be TikTok’s future CSO, perhaps TikTok will have some form of divisional CISO roles, or someone else might come in and headhunt one of them. Roland’s transition creates the space for his team to find those opportunities. Now it’s up to them to seize those opportunities.

[Disclaimer: Roland is a friend of mine. We were both inducted into the CSO Hall of Fame last year, he’s been a guest of mine on the Cloud Security Reinvented podcast, and we’ve long run into each other at conferences. We’ve been on alternating sides of the CSO/vendor relationship for a very long time.
Roland, however, did not talk to me about this change beforehand, which I might bring up when he buys me a drink at the CSO50 Conference in September.]