How do I become a Chief Information Security Officer (CISO)?

Chief Information Security Officer (CISO) Job Overview

As the title “Chief” would imply, the Chief Information Security Officer is the grand overlord of the IT security department and all of its staff. As the big boss, you may find yourself consulting with investigators, law enforcement, corporate security team members, and any other individuals an organization or company sees fit to enlist to fight the bad guys. You will provide leadership through your expert knowledge of all matters related to information assurance and ensure that your underlings are capable of executing the required tasks with professionalism and agency. No, you’re not a babysitter. You’re the Wizard of Oz, I mean IA.

CISO Duties

  • Establish the vision for all matters related to information assurance and cyber security.
  • Lead a computer emergency response team
  • Enact all disaster recovery policies and procedures
  • Design policies, tools, and procedures required for effective disaster recovery
  • Comply with all major information regulations including HIPAA, FISMA, DSS, and others
  • Remain fluent in the company’s current cyber security systems and develop upgrades employing security architectural tactics
  • When necessary, perform managerial duties similar to those of a chief executive officer, including oversight of budget, case management, and cross-departmental trainings
  • Monitor vulnerabilities and all cyber security threats
  • Design training programming for team members and conduct training sessions
  • Audit security systems and provide risk assessment
  • Employ digital forensic techniques
  • Mastermind new approaches to cyber security, and resolve evolving threats

Do I Really Need to Be a Certified Chief Information Security Officer (CCISO)?

Short answer: There is no short answer.

Let’s face facts: cyber security is on everyone’s radar and is needed everywhere from small businesses to large government operations. However, when it comes to certification, you may not need to be certified when you are already employed and doing the job as a CISO. Except, wait, there’s a board: the CCISO Advisory Board. What typically happens when a board emerges is that the role becomes standardized by a clear code of ethics. What you want to avoid is getting caught in a Catch-22, meaning that you go through all of the steps necessary to obtain the knowledge a CISO needs and then find yourself obsolete because you did not get that extra piece of paper. It could happen, so why not prevent it by simply obtaining this certification? Presently, you may be fine, but wouldn’t it be better for your job in security to remain, well, secure? And as business evolves and the layman recognizes the absolute need for a CISO, who are they going to turn to but official channels? For this reason, we recommend at least taking a look at CISO certification.

Chief Information Security Officer Career Pathway

Based on your starting point (whether you’re already active in cyber security, a service member, an IT specialist, or a student), there are several ways to work your way towards being a CISO, predominantly getting more experience or getting more schooling. We’ve listed below some different levels at which you can engage in security jobs. These levels depend on the typical number of years of experience associated with career stages (entry, middle, senior) as well as how specialized your education is. For an in-depth look at how job experience in cyber security and education levels compare and contrast, check out our guide on how to prepare for a career in cyber security. With that said, CISO positions are generally the most senior positions still within the security portion of an organization. It’s rare to find yourself in the CISO position without years of experience in a mid-level role or another CISO position.

With that said, you can start to prepare for a CISO position with education. You will want to start with a Master’s in Cyber Security, though evaluate the job market and take a look at what is required: you may be ready to roll with a Bachelor’s in Cyber Security, certifications in cyber security, and a number of years of experience. Also note that years of experience and a thorough understanding of what the role entails are very impressive and valuable to a potential employer.

  • Entry Level: junior vulnerability assessor, system administrator, security administrator
  • Mid-Level: penetration tester, vulnerability assessor, security auditor, vulnerability assessment analyst
  • Senior Level: vulnerability assessment analyst, CISO, security director, cyber threat analyst

Technical Skills Required of Chief Information Security Officer

  • C
  • C++
  • C#
  • Python
  • COBIT, ITIL, ISO 27002
  • JCL
  • Big Data Event Analysis
  • Unix/Linux and Windows
  • Hardware and Software
  • Security Architecture development
  • Cloud Security
  • Web-based applications
  • Understanding of secure frameworks like NIST, HIPAA, SOX
  • Reverse engineering
  • Develop exploit code using Metasploit

Soft Skills Required of Chief Information Security Officer

  • Innovative
  • Out-of-the-box thinking
  • Creative
  • Strong Oral and Written Communication
  • Leadership
  • Training others

Job Outlook and Salary For Chief Information Security Officers

There are hundreds of jobs available for CISOs across the nation, and over a million positions open in the general field from which you can work your way up to a CISO position. According to the Bureau of Labor Statistics, Information Security positions are projected to grow by 18% by 204, which is much faster than average for other fields. In 2015, Silver Bull published the average salary for a CISO as $204,000 per year, with a range from $126,000 to $311,000, noting that the 6 top candidate locations exist in California (holding three of them), Chicago, Washington D.C., and New York.

Chief Information Security Officer Resources