career-paths
career-path

Become a CISO

Taught by CISOs for CISOs, this Career Path will provide you with a structured curriculum with specialized learning activities that will give you real-world training on how to become a successful CISO in the ever-changing security field. You will learn about corporate cybersecurity management, NIST 800-53 security and privacy controls, business continuity and disaster planning, enterprise security case management, and numerous competencies of the effective CISO.
Start CourseNeed to train your team? Learn More
Create Free AccountNeed to train your team? Learn More
4
Share
23
1
M
Time
intermediate
difficulty
0
ceu/cpe

Overview

Choosing CISO as a career path will provide you with a structured curriculum with specialized learning activities that will give you real-world training on how to become a successful CISO in the ever-changing security field. In this career path, you will learn about corporate cybersecurity management, NIST 800-53 security and privacy controls, business continuity and disaster planning, enterprise security case management, and numerous competencies of the effective CISO.

How Do You Become a CISO?

It typically takes many years to become the Chief Information Security Officer (CISO) for an organization, but the work will be worth it. Over a period of years, IT professionals gain technical experience and other non-technical skills and knowledge that help make a great leader. Professionals in the CISO role usually have work experience, education, and certifications in information security.

There are various paths that you can take to become a CISO. One example looks like this:

  • Earn a bachelor’s degree in computer science or other related field or gain equivalent work experience.
  • Obtain an entry-level position in the industry (such as a programmer, security administrator, system administrator, etc.)
    • - Advance to a security specialist, analyst, consultant, engineer, or auditor. - Obtain advanced training and appropriate certifications. - Advance into an IT management role (security manager, architect, director, etc.) - Attain further education or certifications that have a management focus. - Get promoted into the CISO role.

    What Does a CISO Do?

    A Chief Information Security Officer is the leader of an organization’s IT security department and its team members. This is a senior-level management position responsible for selecting, overseeing, and providing leadership for any initiatives that concern the overall security of an organization. The CISO role requires technical and non-technical skills and knowledge that are learned academically and through work experience.

    As a CISO, you can expect a job that carries a certain amount of freedom and power. In this position, some of your responsibilities may include: - Select and lead a team of IT professionals - Strategize and implement information security technologies and enhancements - Supervise the development of organizational security standards, policies, and procedures, and ensure compliance with them - Work with key stakeholders to create an IT security risk management program - Stay updated with evolving infrastructures and anticipate new security threats - Monitor threats, vulnerabilities, and events in systems - Audit current systems and perform thorough risk assessments - Develop strategies for handling security incidents and organize investigative actions - Prioritize and assign security resources appropriately - Prepare financial forecasts for security operations - Provide leadership, training opportunities, and guidance to personnel - Facilitate education and training programs that are focused on security awareness and compliance - Various administrative and managerial tasks

    The exact duties that a CISO will perform may be different depending on your specific organization’s needs and goals. The abovelist provides a general idea of tasks and responsibilities that are often assigned to a CISO.

    Who Does the CISO Report To?

    Every organization is different, so there really isn’t a universally accepted reporting structure. There are some factors that play a part in the structure that an organization employs. It’s essential to understand the organization’s security goals and what leadership’s perspective on security is. Additionally, the organization’s size, industry, and the role the CISO will play all have to be considered. That said, there are some common practices regarding who a CISO reports to:

    - Chief Information Officer (CIO)

  • Chief Financial Officer (CFO)
    • - Chief Risk Officer (CRO) - Chief Executive Officer (CEO) - Board of Directors

    The best reporting structure for a company will allow for effective communication and swift progress. It will ensure that all cybersecurity elements are covered, no matter which reporting structure is used.

    What Is the Difference between a CIO and a CISO?

    A Chief Information Security Officer (CISO) is typically concerned with the overall security of a corporation’s computer systems and databases. The Chief Information Officer (CIO) instead, is concerned with general technical issues facing the organization. For example, the CIO may work with the budget for new computers or other hardware, or for software upgrades. Additionally, a CIO may help determine how the IT department operates and installs new hardware.

    The main focus for a CISO is security. The CISO will have to be familiar with all the systems that are used in the organizations, but they will do so in the context of security. For example, the CISO will ensure that security protocols are followed when new hardware is upgraded, or software is installed. When the CIO and the CISO work well together, it ensures that the organization’s operations maintain the highest level of efficiency and safety.

    Frequently Asked Questions
    What Is the Difference between a CIO and a CISO?

    A Chief Information Security Officer (CISO) is typically concerned with the overall security of a corporation’s computer systems and databases. The Chief Information Officer (CIO) instead, is concerned with general technical issues facing the organization. For example, the CIO may work with the budget for new computers or other hardware, or for software upgrades. Additionally, a CIO may help determine how the IT department operates and installs new hardware.

    Who Does the CISO Report To?

    Every organization is different, so there really isn’t a universally accepted reporting structure. There are some factors that play a part in the structure that an organization employs. It’s essential to understand the organization’s security goals and what leadership’s perspective on security is. Additionally, the organization’s size, industry, and the role the CISO will play all have to be considered. That said, there are some common practices regarding who a CISO reports to:

    What Does a CISO Do?

    A Chief Information Security Officer is the leader of an organization’s IT security department and its team members. This is a senior-level management position responsible for selecting, overseeing, and providing leadership for any initiatives that concern the overall security of an organization. The CISO role requires technical and non-technical skills and knowledge that are learned academically and through work experience.

    How Do You Become a CISO?

    It typically takes many years to become the Chief Information Security Officer (CISO) for an organization, but the work will be worth it. Over a period of years, IT professionals gain technical experience and other non-technical skills and knowledge that help make a great leader. Professionals in the CISO role usually have work experience, education, and certifications in information security.

    How Long Will It Take To Be Job Ready?

    If you can dedicate
    hours per week, you can be certified in just...
    2 months
    What Will I Learn?
    Foundations
    Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
    Defensive Security
    Focused on trying to find the bad guys. Topics such as threat intelligence, threat hunting, network monitoring, incident response. Defensive security is a reactive measure taken once a vulnerability is found through prevention, detection, and response.
    Engineering and Operations
    Focused on building and operating information systems.
    Governance, Risk, and Compliance
    Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
    Leadership and Management
    Focused on program design and oversight. Covers project and program management.
    Offensive Security
    Focused on validating security controls by trying to break them (i.e. penetration testing or ethical hacking). Topics such as Kali Linux, metasploit, scanning, and privilege escalation. Offensive security seeks out the problem or vulnerability through ethical hacking and finds a solution to disable the operation.
    Offensive Security
    Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.

    Instructors

    Philip Kulp

    I have been captivated by technology since I received my first computer at the age of 8. Currently, I test web applications and perform security code review for applications developed in Java, .Net, Python, JavaScript, and a few other languages.

    Ed Amoroso

    I'm an experienced Chief Executive Officer, Chief Security Officer, Chief Information Security Officer (second person to hold the CISO position in history), University Professor, Security Consultant, Keynote Speaker, Computer Science Researcher, and Prolific Author (six published books) with a demonstrated history of working in the telecommunications industry beginning at Bell Labs and leading to SVP/CSO position at AT&T.

    Nikki Robinson

    Course Outline

    Course
    1
    H:
    46
    M
    2
     CEUS

    Executive RMF

    This course will discuss the NIST Risk Management Framework (RMF) from an executive perspective. Each module will not only address each step in the RMF process, but how this process can be implemented into your organization or business.
    Learn More & Enroll
    Course
    0
    H:
    58
    M
    1
     CEUS

    CISO Security Controls: Enterprise Controls

    This is the first course in Ed Amoroso's 50 Security Controls, which covers the enterprise controls derived from the TAG Cyber Fifty Enterprise Controls. The enterprise controls provide students with an executive high-level strategy with which to secure their organization from threats, data breach, and intrusion.
    Learn More & Enroll
    Course
    0
    H:
    41
    M
    1
     CEUS

    CISO Security Controls: Network Controls

    This is the second course in Ed Amoroso's 50 Security Controls, which covers the network controls derived from the TAG Cyber Fifty Enterprise Controls. The network controls provide students with an executive high-level strategy in network security and covers trends in the network control areas.
    Learn More & Enroll
    Course
    0
    H:
    59
    M
    1
     CEUS

    CISO Security Controls: Endpoint Controls

    This is the third course in Ed Amoroso's 50 Security Controls, which covers the endpoint controls derived from the TAG Cyber Fifty Enterprise Controls.
    Learn More & Enroll
    Course
    0
    H:
    56
    M
    1
     CEUS

    CISO Security Controls: Governance Controls

    This is the fourth course in Ed Amoroso's 50 Security Controls, which covers the governance controls derived from the TAG Cyber Fifty Enterprise Controls. The governance controls provide students with executive strategies, to implement and maintain a variety of dynamic security management domains.
    Learn More & Enroll
    Course
    0
    H:
    57
    M
    1
     CEUS

    CISO Security Controls: Data Controls

    This is the fifth course in Ed Amoroso's 50 Security Controls, which covers the data controls derived from the TAG Cyber Fifty Enterprise Controls. The data controls provide students with a high-level overview of data security, encryption, and vulnerability management policy.
    Learn More & Enroll
    Course
    0
    H:
    59
    M
    1
     CEUS

    CISO Security Controls: Industry Controls

    This is the sixth course in Ed Amoroso's 50 Security Controls, which covers the industry controls derived from the TAG Cyber Fifty Enterprise Controls. The industry controls provide students with an executive anlysis of trends in the security industry in valued training and development.
    Learn More & Enroll
    Course
    0
    H:
    58
    M
    1
     CEUS

    CISO Competency - Innovation

    This is the first course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Innovation. The habit of innovation is an essential competency for any CISO trying to navigate variety of dynamic threats, risks, oppurtunities, and failures, so it is essential in an evolving business environment.
    Learn More & Enroll
    Course
    0
    H:
    55
    M
    1
     CEUS

    CISO Competency - Finance & Administration

    This is the second course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Finance & Administration. An awareness and understanding of corporate finance and business administration is essential to succeed as an exec. This includes expertise in competing for budget, resources, staff, and more.
    Learn More & Enroll
    Course
    0
    H:
    59
    M
    1
     CEUS

    CISO Competency - Security

    This is the fourth course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Cyber Security Expertise. The CISO must serve as the governing expert in cyber security for the organization. The CISO must possess excellent working-knowledge of critical security issues.
    Learn More & Enroll
    Course
    1
    H:
    0
    M
    1
     CEUS

    CISO Competency - Business

    This is the third course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Business Operations. Modern CISOs must have in-depth knowledge in optimizing the increasingly-complex, connection between security and business operations.
    Learn More & Enroll
    Course
    1
    H:
    1
    M
    1
     CEUS

    CISO Competency - Discretion

    This is the fifth course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Discretion and Trust. The CISO must be able to exhibit and manage high levels of discretion and trust in dealing with sensitive information regarding threats, investigations, and on-going initiatives.
    Learn More & Enroll
    Course
    0
    H:
    58
    M
    1
     CEUS

    CISO Competency - Public Speaking

    This is the sixth course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Public Speaking. As a senior executive, the CISO must have the ability to speak confidently and effectively before groups ranging from large audiences to corporate boards.
    Learn More & Enroll
    Course
    1
    H:
    2
    M
    1
     CEUS

    CISO Competency - Productivity

    This is the seventh course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Personal Productivity. The CISO should be able to optimize personal productivity by developing effective time management processes and prioritization skills.
    Learn More & Enroll
    Course
    0
    H:
    56
    M
    1
     CEUS

    CISO Competency - Technology

    This is the eighth course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Technology. The CISO must consistantly produce deep insights into the current status and trends associated with information technology, especially in relation to security.
    Learn More & Enroll
    Course
    1
    H:
    2
    M
    1
     CEUS

    CISO Competency - Threats

    This is the ninth course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Threat Insights. The CISO must maintain accurate and realistic insights into the evolving threats facing cyber security teams, and produce qualitative and quantitative assessments for risk decisions.
    Learn More & Enroll
    Course
    0
    H:
    59
    M
    1
     CEUS

    CISO Competency - Compliance

    This is the tenth course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Balancing Compliance. The effective CISO navigates compliance and security in supporting a balanced cyber risk management program, with an in depth understanding of industry frameworks.
    Learn More & Enroll
    Course
    0
    H:
    59
    M
    1
     CEUS

    CISO Competency - Risk

    This is the eleventh course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Risk Orientation. Developing a complete risk structure and framework for enterprise security prioritizes safeguards, minimizes expenses, and maximizes support and mitigation for business operations.
    Learn More & Enroll
    Course
    1
    H:
    3
    M
    1
     CEUS

    CISO Competency - Leadership

    This is the twelfth course in Ed Amoroso's Twelve Competencies of the Effective CISO, which focuses on the CISO Competency in Leadership and Vision. Every successful CISO incorporates leadership skills and a clear vision into their approach to guiding their program, staff, and other stakeholders, including the CEO and Board.
    Learn More & Enroll
    Course
    0
    H:
    53
    M
    1
     CEUS

    Enterprise Security Leadership: Negotiation Skills for Cyber Leaders

    In this session of Enterprise Security Leadership in the Modern Era, Ed Amoroso reviews the 8 rules of good negotiations and how they align not only to professional and personal life, but how they are central to maintaining proper Cybersecurity.
    Learn More & Enroll
    Course
    0
    H:
    59
    M
    1
     CEUS

    Enterprise Security Leadership: Team Dynamics for Cyber Leaders

    Team dynamics, like many other areas of role and career development, is important in an industry plagued with misconceptions and global pressure. Taking on a leadership role in cybersecurity comes with a different set of responsibilities.
    Learn More & Enroll
    Course
    1
    H:
    1
    M
    1
     CEUS

    Enterprise Security Leadership: Conflict Resolution for Cyber Leaders

    Learn from Ed Amoroso and guest Chris Kubecka as they uncover the uncomfortable topic of conflict management, and reveal real-world examples and experiences that leaders can use in current situations.
    Learn More & Enroll
    Course
    0
    H:
    59
    M
    1
     CEUS

    Enterprise Security Leadership: Learning Methods for Cyber Leaders

    Ed Amoroso and Cybrary’s own, Leif Jackson dive into the working model of training: Learn, Discuss, Practice, Apply, and Challenge.
    Learn More & Enroll
    No items found.
    No items found.

    What Our Learners Are Saying

    Join 3 million+ users, including 96% of Fortune 1000 companies who use our platform to upskill their teams. See what the buzz is about - start learning for free!

    I've been having concerns on how to start in terms of building my #cybercareer with a sustained path. So I got introduced to Cybrary and I was able to enroll and startup early last week and I have gone through two sessions, getting to know Cybrary and also a view of what cybersecurity is from their perspective. That gave me an overall view of what jobs are found in the space, their general responsibilities, required skills, necessary certifications and their average salary pay... Cybrary has given me a greater reason to pursue my hearts desire at all cost.

    Jamal O.
    Student

    Thanks to Cybrary I'm now a more complete professional! Everyone in [the] cybersecurity area should consider enrollment in any Cybrary courses.

    João S.
    IT Administrator - CISSP

    The interviewer said the certifications and training I had completed on my own time showed that I was a quick learner, and they gave me a job offer.

    Justin B.
    IT Specialist

    Our partnership with Cybrary has given us the opportunity to provide world-class training materials at no cost to our clients, thanks to the funding we’ve received from the government. Cybrary offers a proven method for building a more skilled cybersecurity workforce.

    Katie Adams
    Senior Director

    All of the knowledge, skills, and abilities gained through the program were essential to me impressing the employer during the interview.

    Gabby H.
    Senior Security Analyst

    Cybrary is a one-stop-shop for my cybersecurity learning needs. Courses on vulnerability management, threat intelligence, and SIEM solutions were key for my early roles. As I grow into leadership roles influencing business policy, I’m confident Cybrary will continue developing the knowledge and skills I need to succeed.

    No Name
    Senior Cybersecurity Consultant and Virtual CISO

    After tens of minutes, I proudly have achieved my certificate of continuing education for Intro to Infosec... Doing everything I can to avoid retaking the CISSP test! Thanks Cybrary - 1 CPE at a time!

    Alex H.

    We’ve had six students this summer, all with different schedules, so we’ve been trying to balance their learning experience with some practical work. It’s not like they’re all sitting in a classroom at the same time, so the ability for them to learn at their own pace without any additional support has probably been the biggest benefit of using Cybrary.

    Collin Ricker
    Business Development Manager

    Just finished the third out of four MITRE ATT&CK Defender courses on Cybrary... If anyone is interested in learning how to do ATT&CK based SOC assessments I would definitely recommend this course. The best part is that it is FREE!

    Eric T.
    AWS Certified Cloud Practitioner

    Excellent new series of courses from Cybrary, each course covers a different CVE, demonstrates vulnerability and its mitigation.

    Raul C.
    Cybersecurity Specialist

    I've successfully completed the career path provided by Cybrary to become a SOC Analyst - Level 2. Eventually, do what you love, and do it well - that's much more meaningful than any metric.

    Wissal Ayari
    SOC Analyst

    Cybrary is helping me proactively build skills and advance my career. Labs put concepts immediately into practice, reinforcing the content (and saving me time not having to spin up my own VM). Career paths lay everything out clearly, so I know what skills to prioritize.

    No Name
    Enterprise Analyst

    I got a job as a cybersecurity analyst at Radware with a salary I've never even dreamed about AND with no prior experience.

    Alexei Z.
    Cybersecurity Analyst

    Thank you to Cybrary for providing this opportunity to complete the Cybrary Orientation Certification program with such sleekness and detail-oriented learning.

    Ganesh Y.

    So far I have really been enjoying Cybrary's SOC Analyst Training, it has been very informative. I just finished up with the command line section and now I'm on to the more fun stuff (Malware Analysis). I think it's so dope that platforms like this exist. This is a game changer.

    Tobias Castleberry
    SOC Analyst, Security+ Certified

    I decided to check out Cybrary and the courses they had to offer after seeing a few posts from people who had completed their courses. I'm happy to say that their instructors are knowledgeable and clear, and their course catalogues are extensive and offer relevant career path courses.

    Nazli S.
    AWS Certified Cloud Practitioner

    Glad to have discovered Cybrary they are such a great tool to use to help diversify your knowledge through lessons, assessments and practices. All compact[ed] into highly detailed and informative chunks of information. Feeling very content with the results.

    Temi B.
    Cisco Certified Network Associate

    Well, it took a long time, yet I struggled hard to complete the course "Become a SOC Analyst - Level 2" by Cybrary. Cybrary is the best platform that I have ever come across. Tons of virtual labs, great in-depth insights from the experts, and the best career path/learning modules.

    Madiraju Pranay Kashyap
    Programmar Analyst Trainee

    I am currently working in a restaurant and going to school full time. But it is not stopping me from working on gaining more and more skills. I have already spent more than 30 hours on Become a SOC Analyst level 1 [with] Cybrary and still have 67 hours to go.

    Abibou F.
    SOC Analyst Level 1 Learner
    Register
    Join over 3 million cybersecurity professionals advancing their career
    or sign up with
    Thank you! Your submission has been received!
    Oops! Something went wrong while submitting the form.
    This is some text inside of a div block.
    Button Text