So you want to be a CISO?
Statistics tell us that in 2017, the number of applicants for CISO roles outnumbers demand by 2:1. This is different than cybersecurity stats as a whole that indicate we are facing a critical talent shortage. Probably the difference comes from those who are looking to up-level their career track from an experienced senior cybersecurity professional into a role that is perceived to carry more authority, more opportunity, and better compensation potential. If this sounds like you, here are some points to consider as you seek to stand out in this highly competitive CISO market.
The first point is Clarity. There are great elements and not-so-great elements to the CISO role. When I was interviewed as the Microsoft CISO at an RSA conference, I was asked a lot of questions but the one that made it into the press was this: “If you think you want to be a CISO, have a lie down somewhere until the feeling goes away.” That was back in 2005. The hot seat for CISOs has not gotten any easier since then. The first thing I ask aspiring CISOs is, “What’s your Why?” taken from the excellent book by Simon Sinek It Starts with Why. There’s no right or wrong answer. There just has to be clarity of purpose for your personal choice. When you are crystal clear about your true why for choosing a CISO career track, you’ll be far more confident and convincing when you speak with future employers.
The most important question on which you must get clarity is, ``Why do I want to do this?``
The second point is communication. Successful CISOs are brokers of influence, and usually not power. This requires networking, presence, and skills of, yes, story telling. It requires the ability to compile vast amounts of information from disparate sources including IT, HR and lines of business, analysis, and distilling the “as is” into the “to be” state change into 3-4 core strategies. All this has to be cast into the story line that culminates in a compelling call-to-action for the desired outcomes. I’ve always used this measure of whether my message is clearly communicated: the recipient of my call to action must be able to recite it without error into a live microphone under duress.
For the sake of simplicity, and in keeping with the “C” theme, the last key point on this list is Collaboration. Cybersecurity is probably the most interesting technology field because of the way it impacts every aspect of the business from backend office systems to business processes all the way to the customer experience. It involves vendor management, procurement, legal, HR, physical plant, finance, you name it. Those who collaborate best tend to have a well-developed ability to reframe any situation in order to see all sides. Employers often speak of the desire to have a cybersecurity leader who is able to truly understand the business. It can’t hurt to have an MBA, or at least demonstrable evidence of a strong business perspective, as part of your resume.
So the elements for this week are: Clarity, Communication, Collaboration. Let me hear from you whether you are an employer or a CISO candidate. What are your thoughts?
Best of luck in your search. Cybersecurity truly is an amazing career field with many options. CISO is just one of them. It isn’t the golden ticket. If you are figuring all this out, consider one of our coaching programs under Talent Development. Given the compensation packages for qualified CISO talent, it is a wise investment if this is your desired track.