Content

Career advice for current and future CISOs

Share

Cybersecurity professionals have a unique opportunity to make the world a safer place. Our work protects important economic and public interests from real threats. It’s a high-stress, high-reward job career path that can provide life-long satisfaction. Wise security professionals strategically take on roles that have increasing impact over time and demonstrate value to employers. This is especially true for those who aspire to be a CISO.

Having been in the cybersecurity field for 25 years, I’ve held a number of impactful positions, including running a cyber and special operations division in the FBI and my current role as CISO for Cyxtera. I’m happy (and extremely fortunate) to say I’ve garnered a great deal of satisfaction from my career. From my experience working with and hiring security professionals, I’ve found that some people don’t approach their career in a way that sets them up for the long-term. There is no secret to success, but some strategies work better than others. Here are my top three.

Take on the Hard Jobs.

For many young professionals, title, bonus, and salary are often the primary drivers for accepting one job over another. My advice is to seek out jobs that are difficult and complex.  Look for opportunities to solve hard problems with a team of high-quality people. In my career, I looked for positions that would enable me to learn and grow from experienced mentors solving challenging problems. This approach has proven to be a personally rewarding strategy as it consistently opened up professional opportunities I didn’t see coming.  

For example, if you’re thinking of taking a position in an organization with a mature cybersecurity program, expect your focus to be on making incremental improvements. From a career point of view, this is low risk. If you have a choice, jump on a ship that’s heading into rough waters and unchartered territory. No doubt the risks of failure are higher, but so are the opportunities to learn and make a real difference. The short term in this role is more work and stress. However, for the aspiring CISO who is willing to jump in with both feet, an organization that needs a lot of improvement offers more opportunities to make a difference.

Get Out of Your Comfort Zone.

When I left the FBI in 2015, my main skill was managing large and complex investigations. It’s safe to say that I would have been more than comfortable in a similar role in the private sector. Rather than seek the comfort of what was familiar, I stretched my skill set to take a position that required technical and business expertise in areas totally unfamiliar to me. While the learning curve was steep and often bumpy, the professional satisfaction of the journey was well worth the effort. Leaving my comfort zone wasn’t easy, but it opened a new set of opportunities that continue to keep me challenged and interested.

My situation in 2015 is similar to the aspiring CISO with most or all of his or her experience in a technical role. If all of your skills are technical in nature, you may not be ready for a leadership position in today’s modern enterprise. The CISO role requires a broad understanding of how the pieces of the company fit together to make it a profitable enterprise. So, think about breaking out to take on a totally new challenge on the product development or creative side of the company.  For example, many marketing teams are looking for technical managers who can shape the company’s message to customers. At the start of this type of assignment you will definitely be the “new guy.” You may even be taking orders from someone with far less experience than you. Fear not. Having a broader view of the business makes you more valuable to your present boss and any other smart company looking for a multi-talented manager.

Establish a Track Record of Success.

This strategy is particularly important for young cybersecurity professionals who have their sights on a leadership position. The key to moving from an operational to a leadership role is to amass a track record of successes demonstrating that you can deliver a cybersecurity program that aligns with business strategy and operational requirements. That takes time, and it won’t necessarily happen if you’re making career choices based on title and salary.   

My advice: think of your job as a rolling set of projects and deliverables. Every once in a while, take time to reflect on what you are trying to achieve for your employer. Once you have your thoughts collected, talk to your boss about their expectations and make sure your list is in line with theirs. In this effort, it helps to keep a mental (and written record) of your goals and accomplishments - both big and small. Many young professionals work hard and make significant contributions.  What can make or break your career is your ability to focus your efforts to produce results and articulate your track record of success. 

Regardless of where you are in your career as a cybersecurity professional, true job satisfaction comes from meaningful work. If you know you are making a difference, financial and professional rewards will follow.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.