Cybersecurity professionals have a unique opportunity to
make the world a safer place. Our work protects important economic and public
interests from real threats. It’s a high-stress, high-reward career path
that can provide life-long satisfaction. Wise security professionals
strategically take on roles that have increasing impact over time and
demonstrate value to employers. This is especially true for those who aspire to
be a CISO.

Having been in the cybersecurity field for 25 years, I’ve
held a number of impactful positions, including running a cyber and special
operations division in the FBI and my current role as CISO for Cyxtera. I’m
happy (and extremely fortunate) to say I’ve garnered a great deal of
satisfaction from my career. From my experience working with and hiring
security professionals, I’ve found that some people don’t approach their career
in a way that sets them up for the long term. There is no secret to success,
but some strategies work better than others. Here are my top three.

Take on the Hard Jobs.

For many young professionals, title, bonus, and salary are
often the primary drivers for accepting one job over another. My advice is to
seek out jobs that are difficult and complex.
Look for opportunities to solve hard problems with a team of
high-quality people. In my career, I looked for positions that would enable me
to learn and grow from experienced mentors solving challenging problems. This
approach has proven to be a personally rewarding strategy as it consistently
opened up professional opportunities I didn’t see coming.

For example, if you’re thinking of taking a position in an
organization with a mature cybersecurity program, expect your focus to be on
making incremental improvements. From a career point of view, this is low risk.
If you have a choice, jump on a ship that’s heading into rough waters and
uncharted territory. No doubt the risks of failure are higher, but so are the
opportunities to learn and make a real difference. In the short term, this role
means more work and stress. However, for the aspiring CISO who is willing to jump
in with both feet, an organization that needs a lot of improvement offers more
opportunities to make a difference.

Get Out of Your Comfort Zone.

When I left the FBI in 2015, my main skill was managing
large and complex investigations. It’s safe to say that I would have been more
than comfortable in a similar role in the private sector. Rather than seek the
comfort of what was familiar, I stretched my skill set to take a position that
required technical and business expertise in areas totally unfamiliar to me.
While the learning curve was steep and often bumpy, the professional
satisfaction of the journey was well worth the effort. Leaving my comfort zone
wasn’t easy, but it opened a new set of opportunities that continue to keep me
challenged and interested.

My situation in 2015 is similar to the aspiring CISO with
most or all of his or her experience in a technical role. If all of your skills
are technical in nature, you may not be ready for a leadership position in
today’s modern enterprise. The CISO role requires a broad understanding of how
the pieces of the company fit together to make it a profitable enterprise. So,
think about breaking out to take on a totally new challenge on the product
development or creative side of the company.
For example, many marketing teams are looking for technical managers who
can shape the company’s message to customers. At the start of this type of
assignment you will definitely be the “new guy.” You may even be taking orders
from someone with far less experience than you. Fear not. Having a broader view
of the business makes you more valuable to your present boss and any other
smart company looking for a multi-talented manager.

Establish a Track Record of Success.

This strategy is particularly important for young
cybersecurity professionals who have their sights on a leadership position. The
key to moving from an operational to a leadership role is to amass a track
record of successes demonstrating that you can deliver a cybersecurity program
that aligns with business strategy and operational requirements. That takes
time, and it won’t necessarily happen if you’re making career choices based on
title and salary. My advice: think of your job as a rolling set of projects
and deliverables. Every once in a while, take time to reflect on what you are
trying to achieve for your employer. Once you have your thoughts collected,
talk to your boss about their expectations and make sure your list is in line
with theirs. In this effort, it helps to keep a mental (and written) record of
your goals and accomplishments - both big and small. Many young professionals
work hard and make significant contributions.
What can make or break your career is your ability to focus your efforts
to produce results and articulate your track record of success.

Regardless of where you are in your career as a
cybersecurity professional, true job satisfaction comes from meaningful work.
If you know you are making a difference, financial and professional rewards
will follow.