Becoming a CISO: Career Paths, Responsibilities and More
Chief Information Security Officers are becoming more important to organizations, as IT environments become larger and more complex, and cyber attacks continue to rise. This makes IT security essential part of maintaining business continuity – and that is where the CISO comes. They deal with everything from doing security reviews and educating employees on practices to mitigating cyber attacks, even sometimes consulting with law enforcement depending on the size of organization. So what steps should you take if you’re interested in becoming a CISO?
What does a CISO exactly do?
First let’s start by talking about the responsibilities for the CISO. Chief Information Security Officers are responsible for overseeing and the IT security initiatives at a company, including operations, strategy and budget. At bigger companies this can include working with law enforcement, the FBI or government regarding IT security matters and incident investigations.
Specific responsibilities of the CISO depend on the size and type of organization. They could be involved in anything from monitoring vulnerabilities to the network and systems to supervising security procedures and standards. They also work with management to implement IT security practices and reviews, as well as be responsible for handling security incidents and doing proper investigation into them. A CISO is also responsible for educating the employees at a company around best security practices and awareness through developing programs. In addition, the CISO could also take part in managerial tasks that do not involve technology. The CISO reports to the CIO and CEO at the company.
Chief Information Security Officer Background
Most CISOs need to have at least a Bachelor’s degree in Computer Science, Cyber Security, or another technical field. Schools like Lewis University offer online programs such as the Master of Science in Computer Science with a concentration in Cyber Security. Utica College also offers online-only programs with a primary focus in Cyber Security, including a Bachelors and a Master of Science.
Career Paths for The CISO
Since being a Chief Information Security officer is a C level management position, it takes years to work up to through a number of different career paths. Those interested in working up to a CISOs should consider starting out as either a System Administrator, Security Administrator or Network Administrator. After that, focus on moving up to higher IT security focused positions, such as Security Engineer, Security Consultant, Security Analyst, and other similar roles. It takes aspiring CISOs about seven to twelve years of IT security experience before being eligible to apply to that coveted CISO position.
CISO Hard and Soft Skills
CISOs also need to have extensive knowledge about regulatory compliance rules and guidelines, including HIPAA, SOX, PCI, NIST, and others, as well as third party auditing methodologies based around them. Enterprise and security architecture, as well as knowledge surrounding security around authentication, VPN, DNS, routing, and more. Programming languages such as C, C++, C# and PHP and secure coding practices are also important for the CISO to possess. In order to keep an organization protected, the CISO must also have extensive knowledge of prevention protocols around firewall intrusion and detection.
CISOs often need to utilize the following soft skills:
- Excellent communication skills
- Interpersonal skills
- Strategic planning
Certifications for The CISO
There are certain security certifications that are required or beneficial for CISOs to have. CISM (Certified Information Security Manage) and CISSP (Certified Information Systems Security Professional) are the most widely recognized. Other security certifications also include:
- CISA Certified Information Systems Auditor
- GSLC GIAC Security Leadership
- CISSP-ISSMP Information Systems Security Management Professional
- GSLC GIAC Security Leadership
Certifications for CISOs hold a lot of weight. According to Burning Glass, 35% of cybersecurity positions require industry certifications compared to 23% of IT jobs. Aspiring CISOs would be wise to look into getting certified in their field.
Current Job Outlook for The CISO
Job outlook for CISOs is very promising with more job openings every year, and not enough people to fill them. CISOs earn an average of $233,333 according to DICE, with San Francisco, San Jose, and New York City being the highest paying cities according to SilverBull.
If you’re considering becoming a CISO, the time is now. Getting certified and following a career path in IT security are a great way to get started.