How To Become A CISO, Part 1

Published: 22/11/2024   Category: security




Think you're ready for the top job? Here's part 1 of a series to help you land that prime chief information security officer position.



So you want to be a CISO, huh? Think you're ready to lead a small band of white knights into battle against a countless, hidden enemy? Ready to play both savior and scapegoat, depending on what the day brings? Ready to beg, borrow, and steal for the resources you need to protect your company?
Yes? OK, then, you're ready to do the job... but can you get the job? For the next several weeks, we're dedicating Mondays to helping you find the path to the big job, which won't be easy to define.
"There's not a standard path [to the CISO job] like so many other professions," says Mark Aiello, president of the Boston cyber security staffing firm Cyber360 Solutions. "We can't even agree on how to spell cyber security." (Cybersecurity? Cyber-security?)
Even the words "engineer" and "administrator" don't mean the same thing from company to company. The bad news, then, is that it is hard to know what career steps to take next.
The good news, though, is that the ladder you're already climbing could lead you to the CISO seat.
Despite the variety of routes to the top, Aiello does identify a few consistent trends:
Most CISOs are hired from outside the company.
Following the perplexing logic that somebody you don't know must be smarter than somebody you do know, the vast majority of organizations look outside their walls for a CISO, Aiello says. However, they will be more likely to hire an insider for the CISO job if it's a newly created position.
So being in the right place at the right time may help you get that newly minted CISO gig, but beware...
A company's first CISO has less power than its subsequent CISOs.
"That first CISO tends to not have as many teeth as the second one," Aiello says. They're likely to be a step below the true C-suite and report to the chief information officer.
Aiello thinks the CISO should be separate from the rest of the IT organization, because security not only impacts technology. "Security organizations are still relatively small [in size], in comparison to the IT department, but huge in terms of importance."
Most companies want to hire a CISO who's already a CISO somewhere else.
This raises a question: How do you get that first CISO job if you can only get one if you already have one? Aiello says you may convince a new employer to take you on if you've reached the highest security position at your current company -- like director or vice president of security -- as long as you have experience within the appropriate industry vertical: finance, healthcare, etc.
CISOs are more likely to come from a technical background.
Though there are people who rise to the security job from outside the IT department -- we'll hear some of their stories in the course of this series -- Aiello says that most of today's CISOs began their careers in an information technology job of some ilk. As the field matures and more IT functions are outsourced, that may change.
A CISSP certification isn't necessarily required for a CISO.
In order to have climbed the infosecurity ladder high enough to be eligible for the chief title, you probably will have needed a CISSP already. However, if you've made it this far without one, you probably won't need one now, says Aiello. A four-year college degree, however, is something a prospective employer will want.
[Is there a cyber security skills shortage? Hear what Mark Aiello and Julie Peeler of ISC(2) said on Dark Reading Radio.]
As the CISO job grows bigger and more important, Aiello says, the key is proactively gathering all the knowledge and experience you can.
"Raise your hand. Volunteer," he says. If you've spent most of your career outside of the nitty-gritty, hard-core IT security world, spend more time learning about the tactical side -- the day-to-day tasks of securing a business. If you are from a heavy technical background, learn as much as you can about the business side.
"Understand the problems your technology is there to solve," he says. "Understand what [the company is] securing and why they're securing it."
In the coming weeks, we'll spin out the origin stories of men and women currently holding the CISO position at a variety of organizations. Come back to Dark Reading next Monday for the first "how I became a CISO" tale.
