CISO job requires proven track record in business and security
This article is part of the Information Security issue of May 2017, Vol. 19, No. 4
The CISO job is one of those positions that's much easier to get once you have a proven track record. However, companies are seeking first-time CISOs and finding candidates externally, and in rarer instances, from within their ranks. How can CISO job candidates establish that they have security leadership abilities? Many companies will require certifications, like CISSP, which demonstrate that the job seeker understands the lingo and rules and regulations. But certifications and degrees are never a substitute for on-the-job experience. The business information security analyst -- an analyst who works with business units when they want to roll out new processes or services -- is a role increasingly found in top-level security programs. "That is often becoming a great role for people to grow into CISOs because they are learning how the business operates," says John Pescatore, director of emerging security trends at the SANS Institute, which trains a lot of first-time CISOs. "At the same time, they are growing their experience in ...
Features in this issue
- Challenging role of CISO presents many opportunities for change
  With some reports showing incredibly short tenures, new CISOs barely have time to make their mark. The salaries are good; the opportunities for the right skills, unlimited.
- Polycom CISO focused on ISO 27001 certification, data privacy
  Tasked with security and compliance, Lucia Milica Turpin watches over internal systems and remote communications customers entrust to the video conferencing company.
Columns in this issue
- CISO job requires proven track record in business and security
  In the security field, certifications and degrees are never a substitute for on-the-job experience. For women in security, the challenges may be even greater.
- Q&A: GDPR compliance with Microsoft CPO Brendon Lynch
  Failure to achieve compliance with the EU's General Data Protection Regulation in the next 12 months can trigger fines of up to 4% of a company's gross annual revenue.