The CISO career is quite a challenging choice these days, and it’s getting tougher.
As an ex-CISO who now works in a supportive role to many Fortune 500 CISO’s, I’m noticing a trend that is strongly prioritizing business-savvy over and above technical skills. This leads to situations where the traditional career path to the top security role is crumbling; security staff who have dutifully worked for an organization for years are overlooked when the incumbent CISO leaves and a new person is parachuted in with minimal technology skills and, quite often, zero infosec skills.This can be heart-breaking for the aspiring security staff, but it's important that we learn a lesson from this current trend. Business leaders have at last come to realise that information security and risk management is vital to the health and sustainability of their organization – and now they want to be able to talk about and deal with the topic in their terms.Anyone who aspires to be a CISO, or who wants to retain their CISO position over the next 5 years, must start to focus on this business transition. You may not need an MBA, but recognise that you are likely to be competing for roles with candidates who have them. If you can keep up with these staff on the business side then you can leverage your security skills to make yourself the ideal candidate.So consider:
- Can you read and explain your company’s annual financial report?
- Can you recall your company’s strategic goals over the next 3 years, and describe how your security strategy supports these targets?
- Can you pull together a business case that is both strategically, and financially compelling?
- Can you point to a track record of delivering programs of change to time and to budget?Whatever we think today, it’s likely that that these type of skills are going to become more in demand for the top security roles as we progress. Security operations can be exciting and fulfilling, however, if you aspire to climb the security ladder it’s vital that you support your technical insight with real business intelligence.