The CISO role: Ways to define your career path



The chief information security officer (CISO) was an unheard-of designation a few years ago. However, with the increasing thrust to protect vital information assets, the CISO role is gaining prominence amongst Indian organizations. Automation and digitization of businesses and changes in the regulatory environment are expected to give a further push to the CISO’s role in an organization. Let’s take a look at the changing significance of the role of a CISO as well as the various essential prerequisites to apply for it.

The CISO’s role has evolved significantly in recent times, with several Indian CISOs establishing themselves. A CISO role is pivotal to protecting the information assets of an organization. For certain industries like banking and telecommunications, the CISO role is stipulated by government authorities. Organizations where a CISO role is not defined handle security issues in a reactive manner. Hence, the CISO role is extremely crucial to lend different perspectives to information security as well as to continuously drive the security strategy within an organization.

Usable career paths for CISO role aspirants

Traditionally, the technology guys are known to graduate to a CISO role. However, people who have worked in the risk and audit areas can do an equally good job. Professionals with certifications like Certified Information Systems Auditor, Certified Information Security Manager (CISM), and Certified Information Systems Security Professional are easy fits for a CISO role. More than a technical certification, having the right kind of experience is important to apply for a CISO role.

A person who wants to handle a CISO role should have a finer understanding of the different aspects of information security, which is a vast field. Experience in the areas of awareness, change management, risk management, and technology will also be helpful. The current leading CISOs may not have an information security background, since it is a recently developed domain. However, the new generation of professionals might directly start their careers in information security itself and hence may not have a broader understanding of other areas, which is not necessarily bad. Still, it’s always preferable to first understand business or technology and gradually diversify into security rather than picking up the role from day one.

Prerequisites for a CISO role

Business skills: To reach a CISO role, you need to understand your business, its goals, customers, various regulations, and risk appetite. You should be realistic while setting security-related expectations, and check whether people will be able to achieve them.

Soft skills: A CISO role warrants excellent communication skills with the management, team, industry colleagues, and vendors. A CISO may have the most brilliant ideas in terms of technology, but if he is unable to communicate, explain, and influence the business people, the proposals may not get approved. A CISO should be able to innovate, design future roadmaps and have good document presentation and focused planning skills. He should be a good leader with a clearly guided team so that everyone is focussed on one agenda.

About the author: Vishal Salvi is the CISO of HDFC Bank. Salvi has a CISM certificate and speaks at various conferences on the leadership aspects of a CISO role.

(As told to Dhwani Pandya)

This was first published in January 2011
