I'm currently managing a more technical portion of the information security program of a Fortune 500 company. I'd like to know how to become a CISO, perhaps for a smaller company, in the next five years. How should I go about progressing up the career ladder? What long- and short-term goals should I set for myself?