The Road to CISO

Jonathan Trull, Chief Information Security Officer


The Chief Information Security Officer, or CISO, is considered the corporate executive responsible for all cyber security-related issues. For many information assurance professionals, obtaining the CISO job is the pinnacle of one’s career. Being the CISO comes with many perks and benefits. In fact, the SANS Institute lists the CISO job as number 10 on its list of “20 Cool InfoSec & Cybersecurity Jobs” (http://www.sans.org/20coolestcareers/). However, be forewarned: the CISO job is not for the faint of heart.

In this blog, I describe the road, or more accurately, roads, that can lead you to the CISO job. This is based on my own personal experience and the professional interactions I’ve had with hundreds of CISOs of all different types and sizes of companies, from Global Fortune 500 companies to governmental agencies to small and medium-sized businesses. Broadly speaking, the roads leading to the CISO job include:

  • Information Security. This is what most would consider the traditional path to the CISO job. In this case, the person would likely have a technical degree and would have held several different positions within the information security organization, such as security engineer, security analyst, and pentester. More likely than not, he or she would have taken on increasing responsibility and continued to achieve results in these more demanding jobs. I’ve also met many very talented people in this category without degrees at all. They are entirely self-taught and tend to really enjoy the technical aspects of the job.
  • Audit/Risk/Legal. It’s becoming increasingly common for people obtaining the CISO job to have significant experience within the risk and assurance field. He or she would have held job titles such as auditor, information system auditor, risk analyst, privacy officer, compliance officer, legal officer, or vendor compliance analyst. Academic training for these individuals is often varied and includes advanced degrees in law, business, finance and accounting, management, and information systems.
  • Road Less Traveled. This would definitely be considered your non-traditional path to the CISO job. Some of the best CISOs I’ve met hold degrees in history, Spanish, physics, chemistry, and a myriad of other disciplines. Many began careers in completely unrelated fields but eventually found themselves working either directly within the IT organization or closely with IT on a large-scale project. Based on these experiences, they develop a deep appreciation for technology, especially how technology can improve one’s life.

No matter the road you’re currently on, the CISO job is within reach. At the end of the day, the key factors to landing the job are:

  • History of success in increasingly demanding roles
  • Superior communication and leadership skills
  • Emotional intelligence
  • Deep understanding of how cyber security supports the business
