Becoming a CISO...Women's Edition
Is it worth it?
The CISO seems to be the one at the pointy end and under scrutiny whenever the ship goes down. Is it really worth it? You’ll have to decide for yourself. We’ve assembled the brightest and best Women in tech to help you do just that.
Who are these CISOs you speak of?
CISOs love to fix things. Having that passion bridges the gap in a love/hate relationship. Just ask any CISO! The CISOs of the world have mostly been men but women have scraped their way into the role and guess what? Turns out they are pretty damn good at it!
There are typically two broad types of CISOs, the “Technical” CISO and the “People Person” CISO. The “Technical” CISO fixes everything and the “People Person” CISO shakes all the hands and is the Public Relations Guru within the company.
Six different types of CISOs
Forrester published a post identifying six different types of CISOs. There’s the Transformational CISO, Post Breach CISO, Tactical CISO, Compliance and Risk Guru, Steady State CISO, and Customer Facing Evangelist. Your skill set and personality may fit into one or more of these roles, but they are described to give you a general idea.
So if you find joy in being technical, then you may want to avoid joining a company that is looking for a compliance-driven CISO. You are setting yourself up for failure.
Did they include you in the executive leadership team?
It is where the CISO reports that determines success. Being a part of an executive leadership team and reporting directly to a CEO makes a huge difference and fills gaps that would otherwise be present and difficult to navigate when reporting to someone outside of the leadership team.
It takes a certain personality. If you don’t have a passion for it and a deep curiosity, and don’t enjoy responding quickly to things or resolving challenges, you may be disappointed. It is also important to have support from leadership. You will need to handle being doubted and be responsible for extinguishing that doubt. This is the drive you NEED to have.
If you love to put out fires quickly, like attention (even the bad kind), and enjoy being a ringleader, then rock on with your bad self! A CISO career sounds right up your alley!
There is no one way to break into the CISO space.
Some people start off in another career and then move towards technology, giving them an edge on understanding the business and being able to save it. We’ve seen women who come from Marketing and Accounting backgrounds become CISOs. The former CISO of Equifax had a degree in music. She got a lot of attention!
To Degree or Not to Degree?
You don’t need a degree to be a CISO. A degree is helpful to prepare with critical thinking skills, business know-how, and knowledge in a specific field, and could be needed depending on a company’s requirements. There are plenty of certifications like the CISSP cert that you can obtain on your own. You have to take the initiative to research and figure out where you fit and what you need to do to get there.
You don’t have to know it all.
The important thing is knowing where to go to get the answers. That’s why it’s important to surround yourself with a diverse group of people with different skill sets in the industry.
You’ll be happy to hear that you can actually start TODAY with the following tips.
Network with people, take classes, and always expand your knowledge. Join a CISO community on LinkedIn and build relationships. Find a mentor or find three mentors. Listen to podcasts, read articles, and keep up with technology. Get out of your comfort zone.
It’s not just about security...
Most CISO roles take a little bit of every skill set. Security is just one part of the business. You need to understand the business and its goals. You need to provide a security program that will help the company achieve its business goals without crashing. So work on developing your business and leadership skills.
We’ll say it again...build strategic relationships with other people in the field and get a mentor and learn about their challenges and what they do.
Don’t be an a**hole!
It’s easy to check the boxes on technical skills, but what about the soft skills? Can you learn them? Are you born with them? Talk to other departments and think about impact with them. Learn the business. Just because you’re a smart cookie doesn’t mean you can be an a**hole. You have to be a team player.
Be a nosey neighbor.
Two traits of an effective CISO are a constant curiosity and an understanding of impact. First, look at normal everyday things and ask why. If you don’t know, figure it out or reach out to someone who does know. Be a nosey neighbor. Second, you have to understand impact. If you are put in something, there is an effect. You are one person of billions; how do the things you do right now impact the rest of your day? Start thinking through those steps to get the skill. Once you start thinking and seeing these things, you will be able to also see it in the workplace.
Will anyone go through fire for you?
Build trust relationships. You need executive management backing. You have to communicate with them. Help them. Listen to them so that you can help drive operational improvements. To be a CISO, you have to get people to do things they don’t want to do. Learn how to persuade, influence, and negotiate. Yes, there are courses for this.
Cinderella and the Glass Slipper
Is the company the right fit for you? That’s just as important as a company seeing YOU as the right fit! It all depends on the type of company, its size, the security program, and the culture. You’re not just there to answer questions; you are interviewing the company!
In order to determine what type of CISO the company is looking for, jot these questions down and take them to your next interview:
- Who does the CISO report to?
- Who are their peers?
- Who reports to them?
- What’s going on in the company right now?
- What kind of security program and technology do they have?
- What is the culture like?
It is important to understand the role you are going into. If you are super technical and going into a compliance and risk role, you may not be happy or possess the focus or skillset to handle that. Above all else, know yourself, your worth, what you're selling, and find a company that fits what you are looking for. You are your own brand.
What’s the future of a CISO? Is it viable?
Yes, it is viable. CISOs on average spend 14-28 months at a company before changing employers. Sometimes, the CISO wants a better fit for themselves. Other times, organizations may evolve and outgrow their current CISO. You could be a great tactical CISO but if you aren’t great with people and the company needs you to be that, you may no longer be a good fit. It’s just the nature of the beast.
Women...Your worst enemy or biggest supporter?
We’ve heard horror stories from other women from all walks of life in all roles. Stories of cutthroat women who will do anything, including sabotaging other women, in order to move up in their career. For some, it’s survival mode. It’s time to STOP IT. It only makes it harder on everyone and doesn’t set the greatest example for future generations to come. Plus, it’s so Junior High. There’s enough space for us all.
Pressures of perfectionism and overwhelm are difficult, which is why it’s so important to recognize that women have your back. The higher you go up, the more critical it is to open the doors for the younger generation and make it easier for them to get into these types of roles. Once you start supporting other women, you’ll start to see more of them supporting you. Oh, and support the men too! Be a mentor when you get established!
Part Two of this series is coming soon. In the meantime, check out our panelists and a few of their favorite books!
Listening & Reading List
- Breaking Into Cyber Security - Podcast
- How to Win Friends and Influence People - Dale Carnegie
- It’s Not All About Me - Robin Dreeke
- Good to Great - Jim Collins
Wizer’s hacker, Chris Roberts!
Renee (Brown) Small - Cybersecurity Super Recruiter | 🎙Breaking Into Cybersecurity Podcast Host | Small Business Owner helping CIOs, CTOs, CEOs hire CISOs + build amazing security teams at Cyber Human Capital
Niles Pyelshak - Technical Marketing Engineer, Cloud Security at Cisco
Kathleen Mullin - Chief Information Security Officer/CISO | Information Security & Cyber Awareness Speaker | Executive Advisor
Olivia Rose - CISO, VP of IT & Security at Amplitude