This article can also be found in the Premium Editorial Download "Information Security magazine: Exclusive: Security salary and careers guide."
Download it now to read this article plus other related content.
No two CISOs have the same background, but successful ones have similar skills.
Having recruited information security professionals for the past 10 years, I am asked one question more frequently than any other: "How do you become a chief information security officer?" Unfortunately, it's the most difficult question to answer.
If you asked 100 CISOs how they landed their jobs, you would probably find 100 different paths to the top. A few common traits might emerge--for instance, few CISOs have come into their roles by exclusively working in information security. Most have backgrounds in general information technology, physical security, finance, legal, marketing and even human resources.
While many security pros have been practicing information security for a long time, we tend to forget that the industry has only developed over the past 10 years--a relatively short time compared to other corporate disciplines like finance and sales. In each of these other professions, the career map is set; virtually all CFOs and vice presidents of sales have met certain career prerequisites. In our industry, we have not had the time to develop these requirements. Corporations view information security in many different ways; therefore their leadership requirements vary according to specific needs.
This was first published in July 2006