Becoming a CISO

Author: Daisy Madeleine Jardine-Viner, Recruitment Consultant with Locke & McCloud, a cybersecurity recruitment agency
Date Published: 28 April 2021

Almost every candidate recruiters speak to in cybersecurity wants to know one thing: How do I reach the top and get to that CISO level? Speaking with individuals who specialize in the space is one of the best places to start. Transitioning to a CISO position does not happen overnight. It takes a long time to get there.

Having spoken with many CISOs, I have found that everyone has a different story, but a lot of the core principles remain the same. I wanted to share advice from an individual who has successfully conquered the CISO role and who I truly feel makes a difference in his organization and in the cybersecurity space: Andrew (Drew) Rabie – SVP Head of Security and IT at HUMAN and former CISO at New York Times and Madison Square Garden Company. Here are some of the core pieces of advice that he passed on:

  • Don’t rush into something when you haven’t mastered what you are currently doing. Crush your role, own it and hone your skills before you move on.
  • Don’t skip steps. You need a broad understanding to be able to manage the entire cybersecurity function.
  • Go back to the basics. The basics from 5, 10 or even 15 years ago are not necessarily the basics now. Always update yourself with how the space is evolving.
  • Stay curious and always learn.

Another thing we touched on is the need to truly understand whether you actually want to become a CISO. Many in the cybersecurity space thrive in technical environments, but as a CISO, most of your work won’t be technical. Drew advised that the majority of your work will now be business decisions and/or business transformation, and this can be hard to transition into, especially if you have been somewhat removed from this world previously. As a recruiter I would advise that if you do want to become more heavily involved, start sooner rather than later: ask questions, understand different business and decision-making processes, contribute to change and make yourself seen. The more exposure you gain, the more confident you will begin to feel about whether this world is for you.

Another core skill to develop as a CISO is communication. Drew explained that, as a CISO, you will find that not everyone you work alongside in the wider business understands the threats you may encounter or the necessity of cybersecurity. Your experiences, education and skills will be unique, so it is your responsibility to use these attributes to design around limited understanding and successfully communicate your needs and requirements. How should this be done? Make everything about human experience; the more this can be incorporated into your work, even when dealing with the digital world, the more successful you will be.

Finally, embrace change. Changes can be risky and can take you on an entirely different career path, but they can also help you reach your final destination. It is also important to remember that in a 24/7 world where cybersecurity never stops, you should take some time for yourself and play the long game. Success doesn’t happen overnight, so allow yourself time to breathe and celebrate your milestones along the way.