7 Essential CISO Skills

January 1st, 2019

A Chief Information Security Officer (CISO) is responsible for developing effective security policies to protect their organization from the ever-growing threat of cyber breaches. They must be able to lead a team of security professionals, talk to board members and C-level executives, and explain security issues to management in both business and easy-to-understand technical terms. Here are the essential skills:

1. Education

Increasingly, CISOs have a combination of computer science skills and business experience, often possessing an MBA with a specialization in information systems, finance, or accounting. Business degrees give the potential CISO the ability to talk with other C-level executives in terms they understand.

2. IT Experience

A CISO should have a good deal of experience with security solutions and systems. Experience with crafting security policies, testing web applications for security vulnerabilities, or network call center support provide great security experience. Testing a variety of security solutions, auditing information systems and working in a security team are essential.

3. Risk Management

Companies often look for a CISO who has had experience handling a breach. It’s commonly accepted that most companies will suffer a breach. The CISO should be familiar with the Incident Response Standard and be aware of potential point of failure in IT systems.

4. Certification

Several third party certifications include the CCISO (certified chief information security officer) by the EC-Council, CISSP (certified information systems security professional) by ISC², and the CISM (certified information security manager) by ISACA.

5. Business Experience

CISOs must possess core competencies that include governance, system controls, auditing, compliance management, operations management, strategic planning, and finance and risk management.

6. Financial Acumen

A CISO must be able to articulate the return on investment (ROI) for any security solutions that may be implemented. Articulating the ROI to upper management in business terms will help get their buy-in not only for the initial investment but to communicate its importance throughout the organization.

7. Communications Skills

A CISO must also be able to communicate with business managers about their operational needs and security requirements. After identifying the issues, they must determine what solutions will best suit the business needs while mitigating risk.The job of the CISO is an increasingly important and challenging role. It’s essential that candidates come to the role fully armed for the many business, regulatory and technical challenges they will face.

Additional Resources

eGuide: What CISOs Need To Tell Their Boards About Cyber Security
White Paper: There’s Help for CISOs Overwhelmed By Security Threats
White Paper: The Managed Security Services Provider Survival Guide

Craig D'Abreo

Craig oversees the Managed Security, Threat Intelligence and Security Professional Services departments at Masergy. He is responsible for Masergy’s proactive enterprise cybersecurity threat management and operations program. Craig holds a bachelor’s degree in Computer Science and an MBA in Information Security. He is a Certified Information Security Systems Professional (CISSP) with over a decade of experience in the security industry and holds various network security certifications. He has written on various security blogs, spoken on a range of industry panels and is a recognized thought leader in the cybersecurity space.

Related Content

Automation supercharges the Masergy client experience

New automation engine accelerates time-to-service, giving clients faster price quotes, speedier order orchestration, and smoother migration processes.

Read more

What is SASE? And why it’s the next big thing

SD-WAN, trends in security, and changes at the WAN edge are triggering an IT rethink--it’s called SASE.

Read more

The impact of AI on cybersecurity: Are humans still your best asset?

With AI, how much of security can be automated today? It’s time to unpack advances in cybersecurity technologies.

Read more