If You Want To Be A CISO, Then Read This First …
The CISO title should NOT be your end goal in Cybersecurity.
For most Cybersecurity professionals, success in their career means “Becoming a CISO.”
I have lost count of the times I have asked people in cybersecurity what they aspire to be, and the final response is usually, “I want to become a CISO.”
The Chief Information Security Officer (CISO) is the most coveted title within cybersecurity, as the CISO usually calls the shots and makes all the decisions.
If you become a CISO, you have essentially “made it” in Cybersecurity.
In this article, I am going to say something that not everybody might agree with: the CISO title is not for everyone and not something everybody should try for.
In fact, you can be exceptionally happy and successful in Cybersecurity without ever becoming the CISO.
Pfft .. you might say .. this guy is just a loser who never became a CISO and is just bitter.
In fact, I have held the position multiple times and even won the CISO of the Year award once.
That is why I get worried when I see Cybersecurity newbies and experienced professionals pinning all their hopes and dreams on the CISO title.
Let’s explore why becoming a CISO should not be your end goal.
1. Be Ready For A World Of Stress
The best thing about becoming a CISO is that you are ultimately responsible for Cybersecurity.
The worst thing about becoming a CISO is that you are ultimately responsible for Cybersecurity.
Being a CISO means you’re in the hot seat when things go sideways — which might be a malicious link click away.
Be prepared to deal with angry CEOs and Board Members when things go wrong.
If a peaceful night’s sleep and a lower caffeine intake are your thing, the CISO title might not be for you.
2. Your Expectations Might Not Be Realistic
Despite the rapid pace at which cybersecurity evolves, the CISO is NOT a technical role.
The primary tools you end up using might be PowerPoint and Excel.
The CISO is a strategic role where you are expected to tame the C-Suite, juggle multiple priorities, and walk the tightrope while maintaining a cybersecurity strategy that keeps pace with the “bad guys”.
Being a CISO often involves less risk management and more “ego management” with boardroom politics and budget restrictions, as well as explaining for the umpteenth time why sending corporate data to personal emails might not be the best idea.
3. Get Ready For The Blame Game
Ah, yes, the endless blame game.
It is the favorite pastime of every organization when a data breach happens.
Who is the usual scapegoat?
Yep, you guessed it: the CISO.
Forget that you highlighted the risk multiple times to the CEO, who decided we “don’t have the money right now” and ignored the glaring vulnerability.
Forget your years of dedicated service, that one time you saved the company’s data from the clutches of hackers, or the countless late-night emergency patching sessions.
One misstep and you could become the cybersecurity equivalent of a sacrificial lamb.
Not to mention the threat of actual jail time if you goof up on your cybersecurity controls.
4. CISO Is Not The Only Path
Cybersecurity is a massively dynamic and evolving field.
Treating the CISO position as an end goal is like finishing a marathon and then deciding to build a house at the finish line.
If you are genuinely passionate about cybersecurity, there’s an ocean of exploration ahead.
You could pivot into research, become a cybersecurity consultant, start your own cybersecurity firm, or even morph into a cybersecurity influencer, spreading your wisdom on social media.
The possibilities are endless!
5. The CISO Stagnation Syndrome
Becoming a CISO doesn’t mean you’ve “made it”.
There’s always more to learn in this exciting field.
Aiming for that CISO title can lead to the dreaded CISO Stagnation Syndrome or CSS, where you become so caught up in maintaining your current position that you stop striving for innovation.
Where is the fun in that?
In conclusion, Cybersecurity is a crazy and wild journey that does not end in the CISO role.
The ultimate goal should be a continual commitment to learning, growth, and adding value to this dynamic industry.
So stay curious, remain adaptable, and always remember to inject a healthy dose of humor into your work.
Good Luck in your career!
Love the frank description (and you can transfer it to almost all C-titles that are out there). Sadly, in some companies, there are still limited career paths for people that are experts but don't want to manage. An important piece of advice, nevertheless!