Four good reasons to pursue a career as a CISO
by Tina Siering
Image source: Google
The role of Chief Information Security Officer (CISO) is becoming more and more common in companies and organisations in Germany as well, in the wake of the digital transformation. Due to the use of global cloud platforms, IoT components or the increasing use of the Internet protocol IPv6 (version 6), the requirements for data security are increasing in many places. Already today, many companies use cloud servers as a central management instance for their data. At the same time, more and more devices are communicating with each other via the internet, which not only creates large amounts of data, but also increases the number of possible targets for attacks. While it is becoming increasingly difficult for IT security officers to identify relevant indicators of compromise (IoC) in the growing volumes of data, the volume, professionalisation and probability of success of cyberattacks are rising - not least due to the use of AI.
The job description of the CISO: demanding and challenging
The CISO has the responsible task of developing and implementing an overall cybersecurity strategy that fully protects an organisation's data, systems and applications from all possible security risks. As an information security expert, he evaluates new technologies, coordinates with many different business units and occupies a central position in the organisation or company. This demanding job requires three essential qualities from a CISO:
Technical competence
A highly specialised education, in-depth knowledge of new technologies and certifications are considered basic requirements.
Experience
In order to realistically assess risks and intuitively make the right decisions, a CISO needs a lot of experience. Therefore, professional experience of at least seven years is required.
Social skills
Successful CISOs not only maintain internal relationships, but also external contacts with authorities, universities and start-ups. Through their network, they receive important information on current legislation, new research results and innovative technologies.
A CISO must constantly face new challenges in his job: Conflicts of interest, strict legal regulations and constantly changing situations are just a few points that can lead to complications in everyday work. But a career as a CISO can pay off handsomely.
Here are 4 reasons why a career as a CISO is worthwhile.
1. CISOs have good opportunities for further development
The CISO's job description is extremely varied and constantly evolving. Because the CISO regularly works with many different parts of the company, they gain deep insights into other departments and can expand their skills beyond their cybersecurity expertise. In addition, the constant changes in the IT security landscape mean that there are always new tasks and plenty of variety.
2 CISOs can bring about change
A CISO solves complex problems and is continuously engaged in optimising processes. He or she is able to bring about decisive changes within an organisation, break down the boundaries between individual business units and improve the big picture. Since the job description of the CISO is still relatively young, there is a chance to actively shape the position. A successful CISO could thus positively influence the way of thinking about IT security in favour of the cybersecurity industry.
3. CISOs are in demand on the job market and earn well
Since IT security is already of great importance to many companies and will continue to grow, but the number of qualified applicants is comparatively low, CISOs can currently choose their employer. Job offers that promise a hybrid work model are particularly well received by information security experts. Equally important to applicants is a good salary that is commensurate with the high level of responsibility. However, depending on the size of the company, the industry and the region, the annual income can vary greatly. In Germany it is around 100,000 euros.
4 CISOs can champion diversity and new talent
Most CISOs worldwide are still male and white. But female information security experts in particular often see their position as an opportunity to promote diversity and thus growth in their industry. It is not uncommon for them to find promising talent in career changers and newcomers. Today, targeted talent development of pupils and students is also possible at an early stage through mentoring programmes and mobile working.
More interesting facts about the Chief Information Security Officer
A study by the US HR consultancy Heidrick & Struggles took a closer look at the job description of the CISO in 2021. 327 CISOs, Chief Security Officers and Senior Information Security Officers worldwide took part in the survey, with the majority coming from the USA. The analysis led to the following results, among others:
- A good third of CISOs (38%) report to the Chief Information Officer (CIO), while others report to the Chief Technology Officer (CTO), Chief Operating Officer (COO) or Chief Adminstrative Officer (CAO). The CEO or the Chief Risk Officer can also be considered as direct superiors.
- CISOs are still rarely found on the board (4 %). However, as they usually report regularly to the executive committee or the supervisory board, they are quite visible there. 47% of respondents said that their career plans include a place on the board - a goal that now seems quite realistic.
- 80 % of CISOs are employed by companies with an annual turnover of more than one billion dollars. Around a third work for financial service providers and fintechs, and almost another third for ICT companies. Before deciding to become a CISO, 68% of respondents worked in the IT department.
- In the USA and Great Britain, the task focus is on network and cloud security, in the rest of Europe it is increasingly on identity and access management (IAM). In the Asia-Pacific region, on the other hand, data security takes a high priority.
Conclusion:
The Chief Information Security Officer assumes an enormous responsibility within an organisation and holds the most important position with regard to IT security. Accordingly, the demands on the qualifications of a CISO are high: in addition to sound specialised knowledge, many years of professional experience, strong communication skills and a high level of resilience are indispensable. However, those who are looking for a challenge and are willing to work towards a career as a CISO with their own initiative and further training can find a dream job with excellent opportunities for further development in this still rather young profession. In view of the tense cybersecurity situation, the career prospects are good: the status of the CISO will continue to increase within German organisations as well, which will be reflected in rising salaries and good career opportunities.
Need help upgrading your IT security for 2023? Contact us!
Related articles
For several days now, there has been a strong accumulation of successful compromises by the "QakBot" malware (also known as "QBot" and "QuackBot") worldwide. We have also already identified successful attacks as part of our ACD monitoring. After infection, criminals can gain access to online banking accounts, leak user data, and reload further malware. As one measure to mitigate the risk, we urgently recommend adjustments to the Group Policy Objects (GPO).
Cybercriminals are true masters at constantly adapting their attack mechanisms to effective IT security measures. New tools and iterative changes to existing malware are used to mercilessly exploit security vulnerabilities. Among the numerous threats, ransomware stands out as one of the biggest. More and more companies have to face extortion Trojans. A completely new threat called LockFile now relies on intermittent encryption. LockFile not only encrypts much faster than previous ransomware, but also bypasses security solutions that work reliably. This article shows why criminals are increasingly relying on intermittent encryption and how companies should react to the new threat.
Read more … New ransomware trend: Why criminals increasingly rely on intermittent encryption
Due to the war in Ukraine, secion provides an assessment of the threat situation for companies and examines the question of whether increased Russian attacks on companies in Germany, Austria and Switzerland can be identified. There is currently no evidence of an acute increase in the threat posed by Russian state actors in Western Europe, but there is increased public awareness of these cyberattacks. In addition, "third-party actors" are creating a new dynamic.