How to Become a Chief Information Security Officer (CISO)


– Source: Toms IT Pro

Climbing the career ladder all the way up to the Chief Information Security Officer position takes time, effort and commitment. Here’s how you can get started on this path with the right combination of security certifications, management experience and advanced education.


A programmer analyst from Vancouver, British Columbia is hoping to climb the security career ladder all the way up to a C-level role. Guillame has ambitions of becoming a Security Director or a Chief Information Security Officer (CISO). With three years of experience in the IT field and no current credentials, he is interested in obtaining certifications that involve both security and IT management.


His current career plan is to move into an IT security auditor or security analyst role as he completes the more advanced certifications, ultimately being able to manage a security response team. Although he enjoys the technical aspects of his work, he’s leaning more towards management and leadership roles that will allow him to prepare for a CISO position.

We suggest a progression of advanced security credentials along with a Master’s of Business Administration that’s highly sought after in C-level positions. By following this path and continuing to gain experience in security, Guillame will be on his way to becoming a Chief Information Security Officer.

Dear Guillame:

I’m not sure exactly how I should interpret your computer systems diploma, so I’ll assume that it’s something like a bachelor’s degree in computer science or informatics. If my assumption is incorrect, do please let me know because it might influence the suggestions and advice that I’m about to dispense below. Your location in Vancouver certainly puts you in a wonderful location, though you may be able to find more work in the capital city or Montreal, as both of them are considerably more active on the IT front. I’m guessing you might be bilingual in both French and English, and would thus also encourage you to think about possible work overseas in France, or other Francophone countries, as well.

As for finding the right combination of information security credentials, I’d encourage you to pursue them in this order:

This sounds like a two to three year slog, depending on how many hours a week you’re willing to put into study and practice, and how much new material you will have to master along the way (versus what you might already know). This is an excellent trio of security certs, and should definitely help to propel your career and work prospects up a considerable notch or two. If you can climb into the right level of technical skill and knowledge to master this material, you’ll be able to think about moving into management within two to three years of work as an infosec specialist/consultant/expert on the job.

Should you remain interested in climbing into the executive (C-Level) suite, you may want to further consider a Master’s of Business Administration (MBA) somewhere further down the road. Much of management requires understanding financing, cash management, budgeting, profit & loss, and so on and so forth. And few degrees will equip you as well to move into that realm as an MBA (preferably one from a top-notch school). This is an expensive and demanding undertaking, but will provide a terrific boost to your career profile and visibility.

It sounds like you are off to an excellent start, so let me wish you the best of luck in implementing what sounds to me like a well-crafted and attainable career development and certification plan.
