May 1, 2017 By David Strom 2 min read

David Froud recently updated a blog post of his from last year about how to get into the cybersecurity field and become a chief information security officer (CISO). In last year’s post, the security expert wrote about the importance of understanding your motivations for going into the security field. If you scored Extroversion, Sensing, Thinking, Judgment (ESTJ) on the Myers-Briggs personality test, he wrote, chances are you have the right kind of temperament and motivations to succeed as a CISO.

“Without question, a career in cybersecurity can be very rewarding, both in personal achievement and financial terms,” Froud explained. “It can also chew you up and spit you out if you’re not careful.”

The CISO’s Dilemma

Part of the problem with finding the right CISO job is that the role is almost too popular these days. There are hundreds of places from which potential IT candidates can obtain dozens of security credentials. Furthermore, enterprise protection technologies are exploding, and the days of a traditional antivirus tools are quickly coming to an end since new malware schemes are designed to circumvent them with sneakier methods.

This presents a typical CISO candidate with a dilemma: Should you focus on beefing up credentials or aim to create a more hands-on experience? Should you prioritize understanding the technology or becoming better at the underlying business processes?

No Substitute for Experience

In his recent post, Froud explained that experience is the best teacher. “It’s the people and processes that give technology context, not the other way around,” he wrote. “You will be lost in a never-ending cycle of throwing technology after technology at something that could likely be fixed by adjusting the very business processes you’re trying to protect.”

It’s all about using real-world implementations of technology that can solidify a network to repel data breaches. Look at the many high-profile public breaches of the past year: In many circumstances, the companies involved had purchased various solutions to prevent data leaks. However, the solutions were incompletely implemented, misconfigured or only implemented in one corner of the network.

Listen to the podcast: One Hack Away from Disaster

The Devil Is in the Details

Security is really a means to an end, and that end is for the business to succeed.

“A successful CISO needs to be both strategic — long-term plan, collaborate with teams, communicate to executive management and the board — and tactical. The devil is in the details,” said Imperva CISO Shahar Ben-Hador in a blog post. “As a CISO, I have to assess what’s going to be a fundamental technology over a longer period of time and what’s fundamental for our business.”

Both articles feature lots of other solid career advice for CISOs, such as not to immediately take the most lucrative offer, find the right person to mentor you and review your progress every six months. As Froud wrote, the final aspect of a CISO’s job borders on politics, so that had better be what you want. True enough!

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today