I have been in information security for 14 years and my career has progressed wonderfully. With more than 20 years of experience managing and leading people, I have identified some key areas of interest, including leadership and organizational development, and how to build outstanding teams.
As women are underrepresented in information security, I often get asked for guidance by women seeking to grow in the field. When women ask me, “How can I be successful in information security?” I view it as a leadership development opportunity.
Women face different challenges than their male counterparts when it comes to leadership development, and therefore require a different approach for success.
There are strengths that women more naturally exhibit, including:
- Collaboration and communication
- Ability to multitask and manage very diverse issues
- Tendency to connect with and develop others on the team
One area in enterprises where these skills are evident, and to which women tend to gravitate, is Governance, Risk, and Compliance. These are great qualities and necessary attributes in all departments, and specifically in information security.
But for women starting out their careers in information security and who aspire to climb the corporate ladder, I would not recommend looking to jobs that emphasize the aforementioned skills from the outset.
Instead of focusing on those areas for your first jobs in information security, I would recommend you seek roles that build your technical skills, as this will provide the foundation and credibility you will need later as a Chief Information Security Officer.
CISOs must have baseline technical skills to be effective. They must be able to explain to the Board and C-Suite complex topics such as advanced malware, DDoS, and software vulnerabilities within a business context. The only effective way to discuss these topics is to truly understand them and communicate them using the language of business.
In terms of my own career progression, having an engineering degree has helped me tremendously in achieving my goals. I knew very early on that I did not want to be an engineer, but that I wanted to manage teams of engineers.
I did so for 12 years before transitioning to information security. In order to effectively manage engineers, I needed to speak their language to build a foundation of trust and respect. The same is true for your Board and C-Suite executives – though the language is different. Recognizing this early on, I went back to school to get my MBA. Doing so enabled me to speak their language and positioned me to be a better, well-rounded executive.
So for women starting out in the information security space, I have the following recommendations:
- Get your CISSP or a technical SANS certification; these will provide a broad baseline knowledge
- Decide where you want to develop your technical expertise within the security field
- Find a job that allows you to gain real experience in that area, even if it is a lower-level job than you believe you should take, and stay in that job 1-2 years and excel
- Publish an article or speak on the topic in which you have chosen to specialize
- After 1-2 years of success with the technical experience under your belt, start looking for your next role where you can command greater responsibility and subsequently higher compensation. If your current employer doesn’t afford you that opportunity for career growth, leverage the relationships you’ve built in industry associations and with other companies and organizations to find your next role. This is about you managing your career, not your company managing your career.
- Rinse and repeat this job cycle for a few more jobs, gaining technical experience and business acumen along the way so that you are ready to put it all together as a seasoned female executive.
Remember, you don’t have to stay in a technical role for your entire career, but it is important to gain those foundational skills early on and build on them while adding business and management skills throughout your career to become an effective and successful CISO.