Advice to Aspiring CISOs

The chief information security officer (CISO) role, the top leadership role in security, has grown in visibility and significance over the past decade. These leaders face immense pressure and scrutiny, but positive outcomes can make the role incredibly rewarding. CISOs must possess a unique blend of technical and business acumen as they build and sustain dynamic programs, champion company-wide security initiatives, and deliver critical guidance to the board and fellow members of the C-suite. 

While career opportunities in security are abundant—recent research shows 3.5 million open positions globally—many individuals aspire to leadership. However, there are many avenues that lead to the CISO role, and it can be difficult to understand the best path to take or what resources to tap into to get there. Those considering following a cybersecurity career path to the CISO role should consider the following tips:

There is No “Right” Path

The most important thing to recognize is that there’s no single “right” path. Unlike other career fields with fairly well-defined college-major-to-career trajectories, security has room for people from many different backgrounds. Over the past decade, we have seen many great university programs form, but the fact remains that in cybersecurity, demand substantially outweighs supply. It is not uncommon for an individual to start in one field and enter security later, or to work in various IT roles and eventually land in cybersecurity.

There are numerous ways to start or continue your career path, no matter where you are—from the help desk to systems administration or networking to IT manager and then security. If cybersecurity interests you, do not let your current role hold you back.  

Don’t Forget the Soft Skills

It is crucial to fully understand what a CISO role entails. You’ll be responsible for the entire security operations of a company and required to work alongside numerous departments, not just the cybersecurity team. It’s one of the few roles that truly blends the people, the technology, and the business into one hybrid role. You can be stronger on the technology side or the business side, but you will still have to be able to speak those different languages and build relationships across various business functions.

For this reason, it is incredibly important to hone your “soft skills.” This encompasses interpersonal communication, public speaking, listening, empathy, problem-solving, and teamwork, among others. One of the most important aspects of the CISO role will be communicating the value of your team’s work and lobbying for resources, which requires great presentation and articulation skills. Implementing large projects will require building collaborative cross-functional relationships. And effectively leading a team requires compassion, empathy, and leadership.

It is also important to understand how security connects to business outcomes. Consider taking a few business and leadership courses to help you build your prowess in these areas. Partner with stakeholders within the business to understand their goals and align security priorities in support of those goals.

While technical expertise may be the path you take to the CISO role, soft skills will be imperative to your success as a CISO. 

Spend Time Expanding Your Network

They say it’s not just what you know; it’s who you know. While that isn’t entirely true, being well-connected can certainly open many career opportunities in the field of cybersecurity. Connections can help by making recommendations and referrals. Many CISOs also serve as advisors and mentors, which enhances their resumes and skillsets. These opportunities for career growth often come through networking.

Beyond that, having a network to tap for technology or business questions is invaluable. When evaluating new technology or dealing with a new threat, chances are high that someone else is facing the same issue or already has an effective strategy deployed. Knowing where to go and who to lean on in a time of need is half the battle.

Join a peer networking group, such as InfraGard, ISSA, the ISACs, etc., or a nonprofit organization (here's an excellent list for starting), as well as social media groups and Slack channels. Attend industry events or join a virtual roundtable discussion. Regardless of the path you choose, put in the effort to connect with others in the field.

Invest in Yourself

You don’t make big jumps in your career if you don’t take chances. Push yourself outside your comfort zone. Learn new technologies you’ve never used. Make it a habit to research emerging technology and then hone your new skills. Become as much of an expert as you can in these areas of interest. 

If you’re currently a cybersecurity practitioner, even if you don’t hold a leadership role, share your own stories on cybersecurity or tech podcasts. Talk about the topic that you're passionate about so that others can learn from your experiences. Other practitioners may hear your insight and reach out, which can lead to further meaningful connections.

There is no right path to the CISO role and no true map for success. Overall, it’s your set of experiences and your ambition that really matter. Understanding your personal goals, building both technical and soft skills, growing your network, and investing in yourself will propel you forward on your path in cybersecurity. And finally, know your value and don’t be afraid to demonstrate your worth at every opportunity.

Ryan Davis is CISO of NS1, An IBM Company