With 100% of large corporations (Fortune 500, Global 2000) forecast to have a CISO or equivalent position in 2021, there’s no shortage of opportunities for ambitious cybersecurity professionals. And while the responsibilities of the role carry a generous salary package, they also come with a challenging interview process. You’re ready to step up – all you have to do is get through the interview process, right?
What does it take to land a CISO role at a global company? For obvious reasons, there’s a heavy focus on technology skills, competence, and awareness, but here are five additional areas where you can stand out during the hiring process…
1. You’ve made it to the top – but can you take it to the board?
Board members aren’t always tech-savvy. Every successful CISO knows how to talk security in a way the board will understand, and that includes presenting cybersecurity threats, risks and mitigation in a business-focused way.
To stand out at the interview, demonstrate your ability to explain complex cybersecurity challenges in language that board members can understand. Your prospective employer will be looking for someone with “executive presence”, who can communicate confidently to the board. CISOs are responsible for informing the organization about new threats, technologies, practices, and compliance requirements. Show that you understand the value of metrics and reporting in explaining risks, requirements and goals. On that note…
2. Be a business enabler
The Chief Information Security Officer role extends well beyond the technical aspects of cybersecurity. In many cases, the CISO function isn’t combined with the broader IT team – the role requires someone capable of balancing what’s good for security with what’s best for the business. And you need to be able to articulate this in a way that inspires confidence in your security strategy and program.
To land a CISO role, you’ll need to demonstrate that you have the ability to align security with the overall goals of the business. Your job isn’t to lock everything down, it’s to enable the secure flow of information and ensure that people can achieve their goals in a reasonably secure way. Show that you know how to align security objectives with the overall goals and mission of the business – and that you’re prepared to work with all stakeholders to effect change to processes or culture. Which leads us to…
3. Be a people person
The best CISOs are influencers, capable of building strong teams of experts – and then getting out of their way to let them do their jobs. Many cybersecurity strategies involve some kind of process or culture change; your ability to be diplomatic while you work to understand diverse business and technology goals within the context of managing and mitigating risks will play a key role in your success in the job. Perhaps most importantly of all, your ability to be effective and communicate well during a crisis situation or cybersecurity incident is critical.
Be prepared to talk about your management style, softer people skills, and how you respond under pressure. Be able to answer either real-world or hypothetical questions on how you would manage communications during a crisis.
4. Get your head in the clouds
There’s a massive shift to the cloud and with it, an evolution in security responsibilities. Many organizations are built almost entirely on applications running in the cloud – that is where they’re storing and accessing their data, and that is where a large component of your risk mitigation is going to focus.
Jobs requiring public cloud security skills remain open for an average of 79 days – in other words, there’s a shortage. Ninety percent of CISOs have admitted to confusion around their role in securing a SaaS environment. At a time when cloud security is a strategic imperative, your ability to articulate a strategy for a top-down, security-first culture to protect applications and data will stand you in good stead.
5. Have a plan in mind
Obviously, you don’t have insight into exactly how their company rolls, but a strong candidate can at least articulate the approach they would take to their first couple of months in the role. What do you know about their business? What are the challenges? What’s their competitive advantage? What would you prioritize? How would you conduct a data inventory? Communicate risk to the board? What controls would you implement and how would you respond to incidents?
If you’re going to be the first CISO at the company, how would you build a team? What skills would you be looking to leverage in-house?
Spend some time thinking about how this would apply specifically to the business you’re interviewing at, and you’ll be demonstrating an ability to think in terms of their organization, not just trying out what worked at your last company.
Be the needle in the haystack
As the CISO’s role continues to evolve, candidates that can combine technical chops with communications and people-management skills will be in demand for organizations that expect to see strong leadership capabilities. Your ability to show that you know the business and speak the language of the c-suite should help you to impress. Good luck!
Get the latest from imperva
The latest news from our experts in the fast-changing world of application, data, and edge security.