About 25 years ago, the growing complexity of the digital ecosystem led to the creation of the first CISO role. Today, 61% of companies have a CISO.
Because the position is relatively new, the CISO career path isn't set in stone, leaving many prospective CISOs uncertain about which degrees and certifications to pursue. In this post, we explore higher education options for aspiring CISOs, as well as certification options that benefit both aspiring and current CISOs.
Some experts believe that having a college degree matters less than having the right skills and experience for the position. However, technology is constantly evolving and cyber attacks are more complex than ever, so many companies expect to see extensive field-related education on a cybersecurity executive's CV.
Most companies will pass over candidates without a degree. In an analysis of cybersecurity job postings from September 2017 to August 2018, Burning Glass Technologies found that 88% required at least a bachelor's degree. Advanced degrees may result in higher pay and are increasingly common among CISOs: a 2018 Kaspersky Lab study found that 68% of CISOs hold master's degrees.
If you're looking to become a CISO, there are a number of educational paths that can benefit you:
It's no surprise that a bachelor's degree in Computer Science or IT is the first step for many aspiring CISOs, often followed by a master's degree in the same field. While an MS in Computer Science is generally adequate, you may want to consider a more specialized program (e.g., computer engineering, cybersecurity, digital forensics, or cybersecurity management) depending on your particular goals and interests.
Extensive IT knowledge and experience are vital, but soft skills are also in high demand. It's desirable for CISOs to have a business education so that they can communicate effectively with stakeholders about complex cybersecurity topics and earn buy-in for cybersecurity initiatives.
Combining computer science education with business education is a good way to ensure you have both the hard and soft skills a CISO position requires. Cybersecurity managers and CISOs are increasingly pursuing MBAs for exactly this reason, and MS degrees with an emphasis on management and policy are also desirable because they place IT within the broader context of commerce.
A law degree is perhaps the least traveled path for CISOs, but it's an interesting option for cybersecurity professionals. Cyber law is an emerging field, and a CISO with education in this area can be a great asset for businesses, especially those in heavily regulated industries. A few universities even offer specialized cyber law programs, such as the Cybersecurity & Data Privacy concentration at Loyola Law School and the Cybersecurity Law concentration at the University of Texas School of Law.
As the education section above shows, there is no single path to becoming a CISO, and the same applies to professional CISO training and certifications.
If you're vying for a CISO position, earning certifications can improve your chances of being selected. If you already hold a CISO position, training courses and certifications will help you evaluate and expand your skills and set the stage for a potential salary increase.
Here is a breakdown of a few common CISO certifications and their requirements:
The CISSP (Certified Information Systems Security Professional) is offered through the International Information System Security Certification Consortium, or (ISC)², and is geared toward security managers and executives. It covers eight core domains.
To earn the certification, candidates must have a minimum of five years of paid work experience in two or more of the eight domains. One year of the required experience can be waived with either a four-year college degree or an additional credential from the (ISC)² approved list.
The CISM (Certified Information Security Manager) certification is offered through ISACA and is arguably the most popular certification in cybersecurity management. It tests proficiency across four core domains.
The experience requirements, exceptions, and substitutions for CISM certification are relatively complex and can be found on ISACA's website.
Offered through the International Council of E-Commerce Consultants (EC-Council), the CCISO (Certified Chief Information Security Officer) program tests proficiency in management strategy across five core domains.
Certification requires five years of experience in each of the five CCISO domains, but waivers are available for candidates with other certifications and/or graduate degrees.
The cybersecurity talent shortage means that highly skilled cybersecurity experts, including CISOs, are in high demand. There is no right or wrong path to becoming a CISO, but the right combination of education, experience, hard and soft skills, and certifications will give any aspiring CISO a competitive edge.