How to Become a Chief Information Security Officer

As the importance of cybersecurity is becoming increasingly apparent to major corporations and other organizations, IT professionals have been edging their way into the C-suite. One example is chief information security officer (CISO) — a position that many corporations have embraced, modernizing their organizations to take on the challenges of the 21st century. Could a C-suite position be in your future?

The History of the CISO

Steve Katz is widely recognized as the world’s first chief information security officer.1 Katz began his career in cybersecurity consulting before cybersecurity was a buzzword.

During the next few decades, Katz’s job responsibilities continued to evolve as PCs were introduced, and he climbed higher on the corporate ladder to eventually become the CISO of Citibank. In 1994, the importance of cybersecurity hit home to the corporation when there was a massive data breach in the international funds transfer system.1 In response, Katz was named as the CISO of the world’s first cybersecurity executive office.

Today’s CISOs don’t have quite the uphill battle that Katz faced. Modern CEOs and CFOs have a better understanding of the damage a data breach can cause and the importance of strong cybersecurity measures. The potential setbacks hackers can cause add value to the chief information security officer’s role.

Core Job Responsibilities of the CISO

Every organization has unique needs and business processes. At some corporations, the CISO is given free rein while at other organizations, the CISO has less creative discretion. However, all CISOs have considerable decision-making powers. Some of the best employees in this occupation can pull management and security together. Some of the core responsibilities of the typical CISO include the following:

  • Recruit and hire for information technology jobs
  • Lead a team of cybersecurity professionals to accomplish goals that benefit your workplace
  • Develop a strategic plan regarding the formulation of cybersecurity programs and measures
  • Oversee the creation of, and compliance with, the organization’s security policies, procedures and standards
  • Develop comprehensive risk assessments based on audits of existing tech systems
  • Stay alert to new cybersecurity threats and evolving infrastructures

In addition, a savvy CISO will remain mindful of the importance of continuing education and professional development. They will spearhead efforts to connect the IT staff to training programs. Keeping staff well trained so they can handle complex IT issues is an important task for any manager.

The CISO may also design and implement cybersecurity education training programs for the average (non-IT) employee at the company or for the consumers the company serves. These courses can help other departments and consumers make smarter choices online. In short, a typical CISO’s day is divided between technical duties and non-technical leadership responsibilities.

Further Recommendations After School

After getting a degree, you should consider getting certifications. One of the top certifications for anyone in the cybersecurity field is the CISSP (Certified Information Systems Security Professional). The certification shows you can create and implement a strong and secure network. It is important to note that you must have five years of paid work experience before taking the test.2

The PMP (Project Management Professional) is another certification that is worth considering. The PMP is a certification based on project management and learning the best methods of leadership. Managers who earn this certificate will have a nice credential on their resume. Once you earn a four-year degree, you must have thirty-six months of experience leading various projects. Alongside the project leadership, you’ll need thirty-five hours of project management training or a Certified Associate in Project Management (CAPM®) certification.3 The CAPM® is the Project Management Institute’s entry-level certificate for those wanting to pursue management.4

The Future of the CISO Role

Just by taking a quick look at Steve Katz’s career as the first CISO, it’s easy to see how rapidly this managerial position has evolved over time. It’s expected that, like cybersecurity itself, the role of the CISO will continue to be redefined during the coming years and decades.

One anticipated trend is the need to define an overarching, long-term cybersecurity strategy for each organization, rather than allowing a company’s information security program to be immediately affected by each new headline about data breaches. Future CISOs will need to be visionaries who provide strong leadership to keep the company steady even amid temporary cybersecurity setbacks.

Grand Canyon University is a leader in cutting-edge tech degree programs. When you earn your Master of Science in Cybersecurity, you will be better prepared to pursue high-level leadership positions within cybersecurity. Click on the Request Info button on this page and begin exploring how to earn an MS in Cybersecurity.


Retrieved from:

1 Cybercrime Magazine, Backstory Of The World’s First Chief Information Security Officer in August 2021

2 (ISC)2, CISSP Experience Requirements in August 2021

3 Project Management Institute, Project Management Professional (PMP)® in August 2021

4 Project Management Institute, Certified Associate in Project Management (CAPM)® in August 2021 

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of Grand Canyon University. Any sources cited were accurate as of the publish date.