HOW TO BECOME A CHIEF INFORMATION SECURITY OFFICER (CISO)
A Chief Information Security Officer (CISO) is a security professional who has reached the pinnacle of the profession. The path to becoming a CISO is not an easy one, but it is one that you can tackle if you are patient and determined—and willing to continue to learn.
As a CISO, you will have many responsibilities. Typically, you will oversee all of the security policies and procedures for your company. You will need to be current with the latest trends and technologies in cyber security—including new software—as well as the best knowledge of how cyber criminals are behaving. Depending upon the size of your organization, you might work alongside the chief information officer (CIO) who coordinates the general IT functions of the corporation.
You will need to know how your company's decisions are made so that you can provide input from a security standpoint. For instance, certain web browsers might pose security risks or various online tools might pose a threat. When you are aware of the software workers need to satisfy business goals, you can factor that into your decisions regarding firewall technology, network security and database integrity.
CISO VS. CIO
A CISO is chiefly concerned with the security of the computer systems and databases in a corporation. The Chief Information Officer (CIO) on the other hand, works with the general technical issues that face the company. The CIO might work with a budget for new desktop computers, or for a new software upgrade. They might also help coordinate how the IT department operates the network and installs new hardware.
The CISO comes into the IT picture with a single focus—security. While they will need to be fully aware of all the systems in play in their corporation, they will assess all of those purchases and roll-outs in the context of security. They will make sure that network upgrades proceed without disabling the necessary security software. Or, they might know how to best take databases offline while the IT department installs new server software.
When the CIO and CISO work in tandem, the business operations of a company are able to maintain maximum safety and efficiency.
POSSIBLE CAREER PATHS
Here is a six-step possible career and education path projection toward the goal of becoming a CISO:
Start as a Programmer/Analyst
Get the Education to Become a Security Analyst
Get Extra Certifications and Training
Oversee a Security Team
Attain an MBA with an IT Security Focus
Promotion to Chief Information Security Officer
The CISO may be the ultimate role to many in the computer security field, but there are other similar jobs that carry equivalent status, salary and responsibility. The CIO position for instance, is highly prized by many in the corporate world and operates at the same level as a CISO in most corporate structures. The CIO is more concerned with the day-to-day and long-term business operations of a company. For example, they might be in charge of determining what new software should be rolled out to handle the company's email, word processing and corporate presentations. The CIO would work with the CISO to ensure that software and installations are secure and will not compromise the corporation's security in any way.
Note: Some corporations may use the term Chief Security Officer (CSO), which is virtually the same job as CISO. It's important to understand however that different companies will have their own unique needs and expectations for a CISO or CSO.
Every corporation organizes its compensation structure differently, and that is all the more true at the top. When you seek a CISO position, you will likely become involved in a lengthy negotiation in which aspects of compensation such as company cars, moving allowance, health insurance, bonus structure, stock option plans and base salary will be on the table. Here you can leverage your education to command the best compensation package possible.
ANNUAL MEDIAN SALARY OF
Chief Information Security Officer
UPPER 10% OF THE PROFESSION
The U.S. Bureau of Labor Statistics' current Occupational Outlook Handbook states that computer and information systems managers earned a median annual salary of $135,800, while those in the upper 10 percent of the profession earned $208,000 or more annually. Keep in mind that many people who command the higher salaries may also live and work in more expensive regions, such as the San Francisco Bay Area, New York City or Los Angeles, which are known for higher costs of living.
While it's possible for anyone with a bachelor's degree and a lot of experience to climb the corporate ladder to the CISO position, more often than not you will need extra degrees and certifications. As you progress towards the CISO's corner office, make sure you attain all security certifications you can. Then you will need an MBA from a top-ranked program. The need for an MBA increases along with the status of the particular company you wish to lead, but it will help you succeed in this more managerial role.