Article

From CISO to…?

Exploring career growth in the boardroom and beyond

Our insight paper aims to explore the career growth for CISOs in the boardrooms and beyond. It can be hard to find the time to pause and reflect on yourself and think about where you are now and whether a shift in career path is fitting. Whether you’re looking for a route towards CEO, or to continue on the CISO path, this paper encourages you to reflect on the person behind your current CISO role, to look at your ‘why’, your ‘what now’, and etch out your ‘how to’, towards fulfilling your ambitions.

The key to a fulfilling career is self-awareness and understanding your key motivations. It is essential to ensure your responsibilities are fulfilling and not draining you, irrespective of the financial security they may bring. In this paper, we have summarised Daniel Pink’s model which sets out three key components of intrinsic motivation: autonomy, mastery, and purpose. Understanding the relative importance you place on each is an essential first step in orientating your career.
 

Career paths

Regardless of where your personal motivations lie, there are multiple career paths available to the CISO. These broadly fall under:

  • Alternative career move outside cyber: Through years of increasing cyber risk and outstanding CISO efforts, senior leadership is increasingly recognising the prominence of your role and the skills it requires. This opens up two main pathways:
    • Alternative subject matter expert (SME) path
    • Business leadership path
  • Continued cyber professional role: Given the exciting nature of the CISO role and its increasing importance and influence, it is understandable if you wish to remain in this battlefield, and explore other opportunities within. These include:
    • Continued CISO path, increasing achievement
    • Non-Executive Directorship (NED) and independent roles
    • Cyber consulting path
       

Steps for all paths

As you re-affirm or even discover your own motivations and consider what’s next, there’s no guarantee of an easy transition. Whatever your next step, you should take the opportunity to use your current role to lay the groundwork by nurturing existing skills and traits, addressing any skills gaps and planning strategically. Once you decide the path you need to accentuate your leadership traits to align better with the forward leaning attributes of successful business leaders.
 

Conclusion

Prior to any career decision, you need to ensure that you take the time to assess if your current career, or an alternative one, yields your desired goals and feeling of achievement. Self-awareness of your main motivators is key. However, if your current role is fulfilling you, and the main reason you might consider a change ‘From CISO to…’ is solely to avoid stagnation, then you need not worry if you were to remain CISO. The perpetually increasing prominence in cyber security over the past two decades, coupled with the transformation of the CISO role in the past five years, indicates that the coming years will continue to shape the role, solidify its indispensability and increase its influence and affluence.

If you would like to discuss your career path, any of the steps discussed or if you have any feedback regarding this paper please contact us at NSEDeloitteCISOProg@deloitte.co.uk.

Did you find this useful?