A major issue facing our industry right now is a significant shortage of talented, skilled cybersecurity professionals. Whether that’s due to lack of interest or a fundamental misunderstanding of how to gain a foothold in information security, it’s a problem that industry professionals around the globe are working to address.
I was recently asked by a group of my peers, “how do I become a CISO and what do I need to do to get there?” This question got me thinking about my own career path and how I didn’t begin my career, or intend for it to end up being in cybersecurity. At 17 years old I joined the United States Marine Corps, and for the next 20 years I had experiences that shaped who I am today – both personally and professionally – and taught me with hard work comes success. While there is no silver bullet to success, I’m convinced it is all about preparation, choices, decision making and goal setting.
As I set out to embark on my career in cybersecurity, two traits I picked up during my time in the military rose to the top: leadership capability and technical knowledge in computer and satellite systems. Based on my own assessment, I chose to pursue information security as my next career move.
I had to first determine what success looked like for me at the time, and set both short and long term goals. Communications and networking became critical – maintaining your network of contacts will prove beneficial throughout your career. My contacts were fairly extensive and I managed to land a position with a company that worked closely with the military to train information security analysts.
At this point I had to make another choice – remain technical and focus on the changing technologies, or move towards the management side of the profession. I hedged my bet and began working in both directions – obtaining my Certified Information Systems Security Professional (CISSP) and Certified Business Manager (CBM) certifications, as well as an MBA.
During this time, I became the director of security for an academic healthcare organization, where I was the senior security personnel and was able to formulate new ideas about security management, try new things, and implement security controls in an open environment. Shortly after, I became the Chief Information Security Officer (CISO) for the organization.
Over the next few years I completed additional certifications, as well as my MBA. Additionally, I was offered the position of CISO for a financial services firm growing by leaps and bounds and focusing on building a security program. I walked through an open door and didn’t look back. My new career only continued to expand from there. Over the years, I’ve applied leadership principles and learned the art of listening to effectively advance the teams I’ve been a part of and propel my own success.
The need for more information security professionals is growing every day. Whether your success in the cybersecurity industry is leadership based or technical focused, there’s a path to achieve it – even if you don’t have a traditional IT background. I was able to take myself from a member of the Marine Corps, to CISO of an international security company with determination and a willingness to walk through open doors. Whether you’re beginning your career in cybersecurity, or considering a career change, three tips for a successful start include:
1. Map out a plan and set goals. Figure out what you want to achieve and how you’re going to go about doing so. Then set an actionable timeline to follow through.
2. Complete certifications. The cybersecurity industry evolves so rapidly that remaining up to date on certifications is key to success.
3. Hone in on your skills. Determine which area of cybersecurity you’re most interested – technical or business – and develop skills that best align with that career trajectory.
We’re all after the same thing: data protection. True success in this field is convincing executive leadership there is value in implementing a security program to benefit the business and supports the strategic mission.