How to become a CISO in 2022? Discover the path

CISO education backgrounds

The typical CISO career journey starts with an undergraduate education, and many security leaders also have master’s degrees. Historically, CISOs don’t necessarily have educational backgrounds in computer science or information technology, although that has proven controversial.

Undergraduate degrees

Some institutions today have cybersecurity programs, but a background in engineering or science fundamentals will arguably better serve an aspiring CISO.

The problem with getting an undergrad degree in cybersecurity is that much of the technology under discussion in class may no longer be relevant 10 years after graduation. A broad understanding of engineering principles and the scientific method, on the other hand, will position one to keep learning, questioning and problem-solving as technology evolves.

Graduate degrees

For graduate studies, a cybersecurity degree may be useful. But one could get just as much, if not more, value from an MBA, which can offer a better education in the business effects of technical decisions.

Remember, for a CISO, broadly understanding many technical domains and how they tie into business needs is more valuable than detailed expertise in configuring firewalls and setting up multifactor authentication. Ideally, those technical experts work for security leaders.

Certifications

Certifications have their place in cybersecurity career development, but they are not a fundamental requirement for being a CISO. Cybersecurity certifications are most useful for establishing one’s professional credibility and getting a foot in the door at a new company.

The certification that seems to enjoy the widest recognition today is the CISSP, which has optional concentrations in architecture, engineering and management. This (ISC)² certification has broad applicability in the development of security policies and procedures.

Other reputable certifications include the EC-Council’s Certified Ethical Hacker or CCISO designation and ISACA’s Certified Information Security Manager. While these and other security designations are helpful to build professional credibility, certifications alone are not sufficient to guarantee a CISO position.

CISO BOOKS

1. Cybersecurity Leadership Demystified

A comprehensive guide to becoming a world-class modern cybersecurity leader and global CISO

• Discover tips and expert advice from the leading CISO and author of many cybersecurity books
• Become well-versed with a CISO’s day-to-day responsibilities and learn how to perform them with ease
• Understand real-world challenges faced by a CISO and find out the best way to solve them

Book Description:

The chief information security officer (CISO) is responsible for an organization’s information and data security. The CISO’s role is challenging as it demands a solid technical foundation as well as effective communication skills. This book is for busy cybersecurity leaders and executives looking to gain deep insights into the domains important for becoming a competent cybersecurity leader.

The book begins by introducing you to the CISO’s role, where you’ll learn key definitions, explore the responsibilities involved, and understand how you can become an efficient CISO. You’ll then be taken through end-to-end security operations and compliance standards to help you get to grips with the security landscape.

In order to be a good leader, you’ll need a good team. This book guides you in building your dream team by familiarizing you with HR management, documentation, and stakeholder onboarding. Despite taking all that care, you might still fall prey to cyber-attacks; this book will show you how to quickly respond to an incident to help your organization minimize losses, decrease vulnerabilities, and rebuild services and processes. Finally, you’ll explore other key CISO skills that’ll help you communicate at both senior and operational levels.

By the end of this book, you’ll have gained a complete understanding of the CISO’s role and be ready to advance your career.

2. Modern Management and Leadership 

In one modest-sized volume, this book offers three valuable sets of knowledge. First, it provides best practice guidance on virtually every large-scale task a modern manager may be involved in—from recruiting and hiring to onboarding and leading teams, and from employee engagement and retention to performance management and working with difficult employees.

Second, it explains the essential concepts and practice of a range of effective leadership styles—including (but not limited to) servant leadership, crisis leadership, change agent leadership, and diversity and inclusion leadership. Third, it offers brief case studies from select CISOs and CSOs on how these management and leadership principles and practices play out in real-life workplace situations.

The best practice essentials provided throughout this volume will empower aspiring leaders and also enable experienced managers to take their leadership to the next level. Many if not most CISOs and other leaders have had very little, if any, formal training in management and leadership. The select few that have such training usually obtain it through academic courses that take a theoretical, broad brush approach. In contrast, this book provides much actionable guidance in the nitty-gritty tasks that managers must do every day.

Lack of management practical knowledge puts CISOs and CSOs at a disadvantage vis-a-vis other executives in the C-suite. They risk being pigeonholed as “security cops” rather than respected business leaders. Many articles on these subjects published in the press are too incomplete and filled with bad information. And combing through the few high-quality sources that are out there, such as Harvard Business Publishing, can take hundreds of dollars in magazine subscription and book purchase fees and weeks or months of reading time. This book puts all the essential information into your hands through a series of concise chapters authored by an award-winning writer.

3. Certified Chief Information Security Officer All-in-One Exam Guide

Take the challenging CCISO exam with confidence using the comprehensive information contained in this effective study guide.

CCISO Certified Chief Information Security Officer All-in-One Exam Guide provides 100% coverage of all five CCISO domains. For each domain, the information presented includes clear explanations, examples, background information, and technical information explaining the core concepts. The book also contains stories, advice, and experiences from CISOs that help describe the challenges of the CISO in the real world. Written by information security engineers with over 50 years of combined experience helping organizations manage their risk by protecting their assets from cyber threats.

How to become a CISO?

Consider the following six tips for becoming a CISO:

1. Develop hard skills

While the CISO is the ultimate cybersecurity generalist, a security professional is unlikely to be a serious contender for the position if they don’t bring technical expertise to the table. Anyone aspiring to the CISO role should therefore build mastery in a specific domain, demonstrating their professional aptitude and readiness for more responsibility.

It’s less important which subdomain of security one specializes in — management of firewalls, the design and operation of SIEM systems, etc. What matters is the ability to position oneself as a credible expert in the subsystem or systems where one has invested considerable time and energy.

2. Develop soft skills

As security leaders progress in their careers, soft skills become increasingly important. These include the ability to be a team player, understand the big picture and accept responsibility when something goes wrong. A great CISO also cultivates a culture of transparency and openness, readily sharing information with executive leadership, peers and junior managers.

CISOs must also understand how cybersecurity fits into risk management and be able to make strategic decisions accordingly.

3. Anticipate future security requirements

Cybersecurity, like technology, is constantly changing. A CISO must be able to credibly run a security organization today, while also anticipating how it will need to evolve tomorrow.

As an aspiring CISO, learn to identify, understand and embrace future challenges — and demonstrate that forward-thinking mindset to management. The top security job will often go to the person with one eye on the horizon.

4. Work to improve areas of weakness

It is naturally tempting to play to one’s strengths and avoid using underdeveloped skills. But while CISOs don’t need to be experts in all things, they should be well-rounded. Everyone has shortcomings, and up-and-coming security leaders should acknowledge theirs and work to overcome them.

5. Keep learning

The best CISOs have a passion for learning and view continuing education as an integral part of their ongoing professional development. This includes attending security conferences, where participants can learn about emerging technologies and connect with their peers.

6. Prepare to be expendable

Some people achieve job security by obscurity. Their thinking is, “If I’m the only person who understands this hardware, software, system, procedure, etc., then I’m too important to replace.” But, on the other side of the coin, that person’s indispensableness could also keep them from getting promoted.

Be expendable. Train subordinates how to do your job, so you can get promoted out of it — while also helping others get promotions and winning their loyalty.

The CISO is a big job, full of risks. It is also an exciting job, and more necessary now than ever. While CISOs can seem superhuman, they are human beings who got to where they are with dedication, training, planning and passion.