Crafting a Career in Cybersecurity Leadership: Key Steps and Advice

The other day a neighbor of mine asked for advice. She wanted to know how to become a security executive. She has a few years of experience doing secure web development and currently manages large, diverse teams of developers. She is intelligent, energetic, and personable. What would you say to someone who wanted advice on how to climb the ladder to the top spot in the security industry? How did I respond to her question? Let’s step back and discuss it for a bit.

For many young security professionals who aspire to be cybersecurity leaders, the path to attaining the pinnacle of the industry can be a mystery. How does one determine what they need to be a security executive? Chief Information Security Officers (CISOs) and Vice Presidents of Security all started at the beginning: learning the industry and gaining the experience necessary to attain leadership positions. How did they do it? Was it luck? Incredible timing? Was it because of someone they knew?

Possibly any of those, or maybe they had the advantage of a successful career timeline of progression that provided the necessary knowledge and experience, elevating them above other job applicants.

Experience and knowledge are certainly key for a successful career, but more important is the specific kind of experience and knowledge that gets you to (and through) those all-important executive interviews. Reaching the top of the resume stack means you need to differentiate yourself from all the other candidates. Being considered for a leadership position takes depth of experience across multiple disciplines and job roles that prove you are capable and ready for the challenge of an executive role. When hired into a top leadership position, you are expected to know the principles, concepts, and yes, the details of everything under your control.

Being successful in one or two roles within the security industry demonstrates the ability to grasp the necessary skills and learn the minute details that translate into staying power within that narrow space. But executive leadership requires a much broader background and view of the overall security industry trends, shifts, and practices. A balanced, broad (yet focused), clear career path is needed to get the experience that is the main selling point in a security executive’s resume. But what does that all really mean?

Let’s think of what I am saying in the context of these two examples

1. Strong, narrow technical acumen does not necessarily translate well when a security professional needs to create strategies and communicate them in terms that the business will understand and adopt. The solution to effective communications is to know the audience and how they process information. A purely technical communication of a solution to a business problem does not usually translate well and can result in a lack of business support, regardless of the value proposition. Often this is a missed opportunity to efficiently improve the security posture of an organization due to a lack of business acumen on the communicator’s part.
2. On the other hand, having a strong background in the “softer” security skills, such as risk or compliance program management, could lead to a deficiency of understanding technical security trends and how to leverage them for integrated, automated, layered protection of the business. A lack of technical acumen can also result in poor purchasing choices. We have all seen the results of strong marketing and high-pressure sales integrated with weak or misunderstood technology—the dreaded “shelfware.” It is often a result of not understanding technology well enough to effectively determine the true value of it (which could be zero). Not understanding technology can also cause other issues. Think of a CISO who tells his peers the company can simply use the machine learning implementation within a customer SaaS solution to perform security tasks. That is simply not how machine learning works on a technical level and can easily result in confusion or degraded professional trust in the CISO’s leadership abilities.

How does EC-Council help you navigate your early career and steer it toward the pinnacle of the security profession? With the Associate C|CISO Program!

The Associate C|CISO Program is modeled after the C|CISO Program but allows young professionals an entry point for gaining a view into executive leadership roles and responsibilities. Associate C|CISO candidates take the same training as the more experienced C|CISO candidates. This training provides that critical look into what it means to be a strategist, portfolio builder, and security thought leader within the industry. The training delivers the critical knowledge of what it takes to be at the executive level, building and leading security functions that support complex, demanding business environments. It delivers that crucial view of the career puzzle.

How does it do that?

Simple. By opening the curtain on the roles and responsibilities of a security leader, you can see where you are in your current career and what you need from a professional experience perspective to attain your goal of becoming a security executive. The Associate C|CISO Program training covers the same information within the 5 C|CISO Domains used to train experienced, executive-level professionals. You gain entry to the knowledge of how to create a security program strategy, deliver the portfolio of security services to the business, integrate the capabilities you’ve built into the operational structure of organizations, lead from the board level down, and much more.

Taking that knowledge and deep insight, you can then look at what you have accomplished so far in your career and ask yourself that last, critical question.

What do you do next?

Again, simple. As an Associate C|CISOs you can leverage executive-level training and critical career insight to create your future as a leader. Now you understand where you are today, with a clear perspective of your current experience and capabilities in relation to the bigger picture of security leadership. You have seen what you need for tomorrow. An Associate C|CISO is empowered to take charge of their career and guide their journey, seeing and pursuing positions that create a well-rounded foundation of knowledge and experience. You can visualize your path to executive leadership and act on it now. As an Associate C|CISO, you know what companies look for when seeking strong, capable security leadership. So what are you waiting for?

• Take the crucial career step.
• Map your journey.
• Create your career.
• Realize your goals and aspirations