I frequently get asked “How do I become a CISO?”
Although there are many potential paths, I think the first step is defining what it takes to be successful in the field of information security.
I wish I could say that I had planned on becoming a CISO from the beginning of my career, but that would not be accurate. Instead, I capitalized on opportunities presented to me and looking back I can identify several common themes that led me to where I am. Let’s call them the “Three Ms of Success.”
- Mastery of your craft
I do not mean master everything there is to know about information security, but there are several important elements that, when achieved, lead to mastery of your craft. Passion is the first step to mastery. Hopefully you have chosen information security because you are passionate about the topic. Passion goes beyond interest. It makes this field more than a job, inspires others, and drives your commitment to continual learning. We all know people that are passionate about what they do. It comes across in their words and is visible through their work. Make sure you’ve chosen information security because you are passionate about it.
The second element is the commitment to continual learning. True masters may have acquired significant knowledge, but will never claim to know everything. This is especially true in a field that is constantly changing both in terms of emerging threats and innovation in technology.
The third element is the investment in knowledge sharing. We all have an obligation to advance the field of information security and to do that we must collaborate, especially since the cyber-criminals are often much better than we are at sharing information. There are many avenues for security professionals to collaborate and all have the potential to enhance your knowledge and advance the industry. Simply informally sharing with your colleagues during casual conversations can often lead to valuable learning opportunities.
Passion, a commitment to learning and sharing knowledge with your peers are important elements to mastery of your craft and a successful career in security.
- Mentors
Choose one and be one for more junior staff. Now this is easy to say, harder to do, but well worth the effort. When choosing a mentor, you are essentially looking for someone that is a good role model. You want someone who will share knowledge and wisdom, and encourage you to grow and see possibilities. Being a mentor to others will make you a better listener, communicator and build strong bonds. Some characteristics of great mentors include, but are not limited to: listening, guiding, providing insight and constructive criticism, and being accessible. Consider these characteristics not only when choosing your own mentor, but also when serving as a mentor to others.
- Manage
Manage yourself and learn to upwardly manage. Let’s start with managing yourself, which requires you to be self-aware. Know your strengths, weaknesses, and when you need help. Be accountable to yourself and meet your deliverables. If you mess up - own it; if you are struggling to learn something - step back and regroup. Set visible goals for yourself and keep track of them.
Managing up is about making business relationships work. It requires understanding your manager’s needs and how you can fulfill them, but also what you need from your manager. Everyone has had their share of good and bad bosses over the span of their careers. Those who manage up successfully are still able to identify ways to make the relationship work.
You may be able to look to your Mentor for some insights, but also look to others around you. I have frequently found that those most adept at managing up are the executive assistants. After all, they work with managers day in and day out, and their success is often contingent upon their ability to anticipate the needs of their managers. Some tips include having an open dialogue with your boss, asking for clarification when you do not understand something, and understanding your boss’s priorities.
These “Three Ms of Success” were common themes throughout my career, and when implemented, they will ensure success for your career in information security – no matter which of the many paths you choose.