[BreachExchange] Evolution to Becoming a Modern Day CISO

Destry Winant destry at riskbasedsecurity.com
Mon Aug 24 10:34:15 EDT 2020


https://www.infosecurity-magazine.com/opinions/evolution-modern-ciso/

Today’s top CISOs come from many different backgrounds: some have held
more technical roles and decided to switch gears and learn the art of
business, while others came from a strong compliance and policy
background and were inspired by the machinations of security.

Whatever their origin, each CISO has their own blend of qualifications,
experience, and hard-won skills. As a result, there’s no strictly
defined career path for aspiring CISOs.

Where to start? Understanding the CISO Role
If you plan to ascend the ranks of security leadership, everything
starts with understanding what new responsibilities you will have to
undertake and your willingness to step up even before landing the job.
Be proactive in finding solutions to the problems your organization is
currently facing. Security practitioners who take on additional
responsibility demonstrate their added value and, in return, gain
skills and experience that are essential in a security leader.

The typical CISO oversees four main security pillars that include
security architecture and engineering, operations, cyber resilience
and regulatory and IT compliance. However, they are increasingly
taking ownership of other tasks such as risk and governance, business
continuity, identity and access management (IAM), fraud prevention,
and more.

Being a CISO isn’t just about being responsible for security functions
A recent study by Kudelski Security discussed the need for modern
CISOs to display a broad range of skills and expertise that go beyond
technology. A CISO needs to guide the organization towards a proactive
approach to security, manage risk tolerance and advise the board on
cyber risks while providing a security strategy.

In addition, today’s CISO has to be well-versed in business acumen and
promote security as a business enabler with a clear return on
investment (ROI). They will have to build relationships with other key
stakeholders across the organization to identify opportunities to add
value. A CISO also has to act as an educator, coaching and empowering
both technology teams to understand the business goals and business
leaders to understand the value of security.

The Pathway to Becoming a CISO
While the career progression to become a CISO is far from linear,
there are some steps that help create your own path. Among CISOs,
CIOs, and security recruiters, there’s a clear consensus on the steps
prospective security leaders should take to ready themselves for the
role:

- Get a mentor: A mentor will be critical in helping develop the
skills and experience you need. Ideally, you will rely on your current
CISO. If they are not suitable, your first step is to identify
possible mentors outside the organization.
- Build your skillset: Seek out opportunities to develop yourself, in
both technical and ‘soft’ skills. Take advantage of any opportunity to
expose yourself to a new aspect of security and leadership. Don’t wait
to be asked; proactively seek ways to get involved in new projects
within your team and in others that might interest you.
- Get education and certifications: Your organization should provide
some support, but don’t rely on that exclusively. Ask your mentor and
peers for advice on the best training to pursue and invest in
yourself. Certifications might not be a requirement for some
organizations, but they showcase the technical level of a candidate.
- Work on your soft skills: The biggest differentiator between
security practitioners and leaders is their ability to build
relationships across the organization. Take every opportunity to
develop your soft skills and expose yourself to situations that demand
skills like communication, relationship building, and public speaking.
- Get involved in the industry: The saying goes that ‘it’s not what
you know, it’s who you know’. In this case, it’s both. Building your
network and becoming known in the security industry is a great way to
open opportunities for yourself and learn from the people that have
gone through the same experience.
- Boost your visibility with executives: Look for opportunities to
assume responsibilities associated with a more senior role than the one
you currently hold. The more exposure you have to senior business
leaders and executives, the more comfortable you’ll be in that environment.

At all stages of your path, express your career objectives clearly to
your leaders and ask them for development opportunities. If you do
this consistently, you’ll gain the experience you need much more
quickly than if you sit back and wait for a chance.

Building the Future of Security Leadership
The security field is growing rapidly, and CISOs are taking on an
increasingly wide range of responsibilities. As cybercrime continues
to grow, and organizations rely even more heavily on their digital
infrastructure, strong leadership will be critical to ensuring the
effective management of cyber risk.

The next generation of modern CISOs will have to face new challenges.
Identifying and nurturing their hard and soft skills will be paramount
as both their knowledge of security and the business will help them
navigate a constantly evolving security landscape and become the
bridge between technologists and business executives.
