How to Become a CISO

How do you become a CISO? It doesn't follow a linear pattern, as many other professions do. There are many different paths and many different entry points.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Our guest is Yabing W., CISO, Justworks. Here’s what we discussed.

Know your business. This is the advice we’ve heard again and again and echoed multiple times on our show. You should know the answers to simple questions such as, “What are their objectives and desired outcomes,” said Drew Brown of Federal Aviation Administration. And Ron Sharon suggests learning basic business skills such as accounting and finance. But ultimately, “understand that CISOs advise the business but are not the final decision makers when it comes to risk acceptance,” said Sharon.

Look for opportunities to engage with the business around risk. “These discussions don’t have to be about security or cyber risk. It could be any kind of risk,” said Jeremy Thompson, MBA of Highline Warren. “Socializing risk identification, management and mitigation are key to helping business leaders understand and comprehend when time comes to talk about cyber risk.”

CISOs lead people, but they need mentorship to get there. “Be a mentor and find yourself a mentor. You learn so much from your mentees and get to see the world through a different lens,” said Shakira K. of Costco Wholesale. And don’t forget that a CISO’s primary job is to lead people: “We should never forget that we're actually people leaders and you must be comfortable with being their cheerleader, sounding board, target of frustration, source of energy, and inspiration,” said Chris Zell, CISSP, Veteran of Dell Technologies.

Ask yourself, “Why do you want to be a CISO?” Just because you’re in security and CISO is the “top of the cybersecurity food chain,” it may not be the appropriate job for you, noted Kevin F. And Adam Drabik, who is a CISO at Monument Re Group, actually had a long list of reasons why you shouldn’t become a CISO. He argued that CISO is a one-way role and you can’t really step back into other roles. Although many CISOs do leave to do other projects like consulting, working with VCs, or starting their own cybersecurity startup. Drabik warned, “CISO is really just a fancy name of a junior accountant watching after security budgets and resources. You will be lucky to spend more than 20% time on security proper.”

Please listen to the full episode here, on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to all our other contributors (witting and unwitting): Samantha Buckenmaier of Stanton House, John Prokap of Success Academy Charter Schools, and Kenton McDaniel of Henry Schein One.

HUGE thanks to our sponsor SPMB Executive Search

Join Super Cyber Friday tomorrow for "Hacking Kubernetes"

Please join us tomorrow, Friday, March 17th, 2023 for Super Cyber Friday.

Our topic of discussion will be “Hacking Kubernetes: An hour of critical thinking on dealing with new and emerging complex and transient container environments.”

Joining me for this discussion will be:

Jimmy Mesta, CTO, RAD Security, and Mark Manning, principal security architect, Snowflake

It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face to face.

>>REGISTER FOR THE EVENT <<

HUGE thanks to our sponsor RAD Security

Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be JJ A., CISO, FanDuel.

Jump in on these conversations

"For those who have been in the cybersecurity game for a while now - what advice would you give your younger self, in a single tweet?" (More here)

"What's with these job postings?" (More here)

"Is Cyber security analyst job actually a boring job?" (More here)

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.

Gianni Maiorano

Principal, US Sales Strategy and Consulting

1 year

I didn't realize the extent of the internal business politics that the CISO role could entail - Certainly, I knew to some extent, and thanks for giving some more visibility here with your guests!

Jeremy Thompson, MBA

Information Security Leader helping Companies Manage Information Risk | CISO, CTO, CIO | IT Risk Management | MBA, CISM, CISSP, GSLC, GCCC

1 year

Great, easy to read article that hits some great points David Spark!

Lenin Gali

Chief Digital and Business Officer at Atomicwork | Executive Leadership | CIO & CISO | CIO Thought Leadership Circle | Startups | Investor | Advisor | Non-Profit Founder | IT | Cybersecurity | B2B SaaS | AI/ML | Golfer

1 year

Well done David Spark. CISO is a hot job with cold looks. Everyone is watching you, no one wants to be you. Your team is your lifeline. Communicate and collaborate to survive. Smile and say, Yes! But :-)

David Spark this is a great read and a few of those points from Adam hit home with me.

Thank you David Spark for inviting me to join the podcast! It was a fun conversation too with you and Steve Zalewski!
