RSAC 2025 CISO BootCamp: The Idealized CISO

Welcome to the talk page for A Unicorn Designed by a Committee: The Idealized CISO. You can find additional resources here!

Abstract

Every CISO arrives by a different path, and every executive has a different expectation of what a CISO actually does (besides “everything”). Where do these expectations come from, and how can you prepare your career to be ready for everything that you’re going to be expected to do? Can you articulate the necessary job description so you aren’t sabotaged by impossible expectations?

Overview

Most security practitioners today come up through a hyperspecialized career path, rather than the polymath path that characterized practitioners of a generation ago. C-level executives in the business have been overexposed to so-called “Unicorn CISOs,” and thus have come to expect that all CISO candidates will be skilled across the security spectrum. Instead, the opposite is becoming more true. Modern CISO candidates draw from a deep well of expertise in a security discipline, and need to round themselves out, deliberately seizing the opportunities that were thrust unwillingly on their predecessors.

Taking both an outside-in and a bottom-up approach, this talk will explore the journeys that security practitioners take, whether they begin in architecture, operations, compliance, or management. At each step of those crisscrossing journeys, we’ll explore not just how the security practitioner might see the opportunity in front of them, but also how that opportunity is viewed from outside the security team. In holding up that one-way mirror to the varied cybersecurity career paths, we hope to enable security practitioners to view their own professional development not just intrinsically, but also extrinsically, seeing how they affect their business and their colleagues.

Attendees will walk away with new insights into how they can expand their career options, and what skills they need to develop in themselves and in their team to break through the titanium ceiling of unspoken expectations.

How to CISO relevant resources

More Reading

Speaker Personal Pages

Talk Slides