- A resume that demonstrates methodical career progression and shows increased responsibility over a period of time versus a resume that shows a significant number of job changes.
- A BA/BS degree from a brick and mortar college or university. Frequently a Master's degree is desired. Not all employers think this way but some that I’ve encountered do. They don’t like what they consider to be “Internet Degrees” from schools that don’t have a brick and mortar foundation.
- Some employers will expect candidates to come to them with experience in their industry. Banking hiring decision makers frequently want to hire a CISO or CSO who is coming directly from a bank. An Oil & Gas company frequently wants to see CISO and CSO talent from another oil and gas company, etc. What does this mean? Don't expect that a bank will be interested in you if you've been working in the highly unregulated environment of a hedge fund. Flip the coin and the hedge fund might not see you fitting well into their largely unregulated environment if you're career comes from the highly regulated banking industry.
- Employers generally expect to see one, two or maybe a few certifications in a CISO or CSO candidate’s resume. The specific certification at this level isn’t always the issue. It is the idea that someone who is serious about their career in security will have secured the proper credentials…education and certification…to match up with their career experiences.
“With my luck, when my ship comes in, I’ll be at the airport”