It's good to have goals.
Even if you're just starting your cybersecurity career, you may already be thinking about the top job in the field, Chief Information Security Officer. And it's not too early to start — for example, with Springboard's cybersecurity bootcamp that guarantees you a career in cybersecurity or your tuition back. If your ultimate goal is the CISO chair, there are several steps you need to follow to get there, and it's smart to keep your eyes open for those opportunities along the way.
Remesh Ramachandran, a security researcher and consultant for the government, spells it out in a Medium post.
"The possible career path which is taken by the individuals to become a CISO include starting the career as a programmer or analyst, study to become a security analyst, get more certifications and training, supervise a Security team, obtain an MBA degree in the Information security field and then get promoted as Chief Information Security Officer."
Let's look at these steps.
- Put in the time
Becoming a CISO is not something you're going to be able to do right away. Companies expect CISOs to have several years of experience under their belt first, in progressively more responsible roles.
"A CISO must have spent years in the field of information security with a strong technical foundation," Ramachandran writes. "It is not possible to get a CISO status unless you have extensive field experience. 6–12 years of work experience with at least five years in a management role is required for a CISO role."
- Get the certifications
You may have gotten your foot in the door with the CompTIA Security+ or Certified Ethical Hacker certification. But if you want the top job, you're not done. Fortunately, there are certification courses and exams for every step along the way.
Examples Ramachandran cites include:
- CISSP: Certified Information Systems Security Professional
- CCISO: Certified Chief Information Security Officer
- CISM: Certified Information Security Manager
- CEH: Certified Ethical Hacker
- OSCP: Offensive Security Certified Professional
- CISA: Certified Information Systems Auditor
- GSLC: GIAC Security Leadership
- CGEIT: Certified in the Governance of Enterprise IT
- Get the degree
Chances are, if you want to become a CISO, you're going to need a college degree – perhaps even more than one. "A CISO must possess a minimum of a Bachelor's degree," Ramachandran writes, typically in computer science, cybersecurity, or business. A Master's degree, either in IT security or an MBA – or both! – might also be required, he adds.
And even after the degrees and certifications, you're not done, notes Cybersecurity Guide. You need to keep up on the latest trends, both defensively and offensively. "It is vital to remain current with what is happening in the industry. Keeping skills and knowledge up to date with the latest trends is even more critical for CISOs as they are charged with deciding how the entirety of any company's varied infosec resources will be deployed now and in the future."
- Pick up the soft skills
As a C-level executive, the CISO needs to interact with other C-level executives in terms they can understand. That means learning to speak the language of business and presenting cybersecurity threats and vulnerabilities in business terms – dollars and cents – without getting too down in the weeds on the technical details.
"The most important step you can take to prepare yourself for an executive-level role is to learn to think like a businessperson," writes Abbas Kudrati, chief security advisor for Microsoft. "Who are your customers? What are the big opportunities and challenges in your industry? What makes your company unique? What are its weaknesses? What business strategies drive your organization?"
The best way to do this? Learn to tell stories.
"People will ignore what you say when you're only speaking technical," James Stanger, chief technology evangelist at CompTIA, told CSO Online. "Your career doesn't advance and then you have to deal with the downstream issues that you're causing because no one is listening to you."
So, how do you get those skills? Look for opportunities where you need to present information to a variety of different audiences, either in writing or through public speaking.
- Network
That's networking between people, not between machines. It's important to talk to other people in the field, not just to gain information but to become known as an expert.
"Get involved in the industry: The saying goes that 'it's not what you know, it's who you know'. In this case, it's both," writes Jason Hicks, Global CISO at Kudelski Security, in Infosecurity Magazine. "Building your network and becoming known in the security industry is a great way to open opportunities for yourself and learn from the people that have gone through the same experience."
Here are some ways you can do that:
- Look for webinars on cybersecurity topics, not just to learn but to learn who the players are so you can contact them later
- Look for opportunities to participate in industry webinars yourself, and make sure to provide your contact information
- Join cybersecurity organizations, particularly ones geared toward CISOs
If you're looking to get started on building towards being a CISO, look no further than Springboard's