Who wants to be a CISO?

Talent alienation is the biggest issue behind the cybersecurity management skills gap, but it shouldn’t be the case

Who wants to be a CISO these days? And at which stage in your career should you consider the move? What balance of managerial and technical experience do you need to have? And where do you go from there? (what’s the step after next? … always the most important question in terms of career development)

Those would be valid questions for many executive positions but when it comes to the role of the CISO, they seem to acquire a different meaning.

Let’s evacuate the first two aspects from the start: Cybersecurity has developed a high profile in many organisations over the past few years. Many firms are engaged in transformation programmes in that space, which will require strong leadership, transversal vision and managerial and political acumen from the CISO. The role is no longer a role for a junior technologist, an ex-auditor or life-long consultant. Of course, control-mindedness and a solid understanding of the technical aspects relevant to their industry sector are important, but they must not be seen as the only key aspects.

It’s the “step after next” question which seems to be the dominant factor preventing people from moving into CISO…