December 27, 2018
IT in the C-Suite, Part 2: Becoming a CISO
C-suites are making room for chief information security officers. This security-focused executive position is gaining ground as enterprises look for ways to safeguard networks and services without compromising their bottom line. As noted by CBR, the role is evolving to include more responsibility and greater expectations, even as public and stakeholder focus puts CISOs in the spotlight. Simply put? It’s not an easy job — but for the right IT expert in the right organization, it can be the ideal combination of risk and reward.
Considering a shift to the executive track of CISO? Here’s what you need to know.
Get the Training
Want a C-suite job? You need the experience — think 7-10 years in IT with consistent movement toward managerial positions. You also need certifications. Even with a growing IT skills gap, enterprises must be diligent in vetting their CISO candidates, especially considering the degree of autonomy given and the level of aptitude expected. This means you’ll need basic qualifications such as CompTIA A+ and Security+ along with more advanced credentials such as Certified Information Security Manager (CISM), Offensive Security Certified Professional (OSCP) and Certified Information Systems Security Professional (CISSP).
In addition, most CISOs possess a Master of Business Administration (MBA) from a reputable school. Why this expectation? Because the chief information security officer isn’t just responsible for crafting great security policy but also for designing business-focused deployment that helps drive revenue and limits potential losses. As a result, business acumen is considered on par with IT skill.
Finally, you’ll need the CISO course and exam certification to demonstrate that you have the necessary skills to provide project leadership and develop business-first initiatives.
Know the Role
On the surface, the role of CISO seems simple: Design information security measures that defend corporate data without hampering day-to-day business efforts. But that’s just the beginning. As noted by Business News Daily, CISOs are now called upon to develop company-wide risk assessment strategies, ensure data handling and use policies meet emerging compliance regulations and develop a security architecture that enables business growth.
It’s a role that encompasses all aspects of information security and governance, from leveraging IAM solutions that limit application and network risk to educating employees about the dangers of phishing scams, malware attacks and the need to separate corporate and personal IT use.
Understand the Expectations
It’s also critical to understand the evolving expectations placed on CISOs. As noted by Bank Info Security, CISOs now have a mandate “to be a Jack or Jill of all trades”, capable of handling any security issue as it emerges and designing strategies that reduce the risk of future security failures.
CISOs must also be prepared to embrace new technologies and adapt to the future of risk.
According to Information Age, meanwhile, the shift to the C-suite combined with increasing stakeholder and public expectations has resulted in “astronomical” pressure on CISOs to deliver security strategies that both boost bottom lines and defend critical data.
The result? It’s important for potential CISO candidates to both know what they’re getting into — this isn’t a job for the faint of heart or anyone who doesn’t have a passion for cybersecurity — and know their own value. New board members must be prepared to advocate for their independence and autonomy; a seat at the table must mean exactly that, not a booster seat or high chair that’s ultimately tied to another executive’s sphere of influence.
This won’t always be an easy sell, but it’s a fair trade: For CISOs to make the kind of sweeping policy changes necessary and ensure all staff members — including C-suite executives — are following the rules, autonomy and independence are critical. Here, experience and certification drive confidence and expectation. Organizations demand a great deal of CISOs, but this is a two-way street.