Cyber Work: How to become a Chief Information Security Officer

January 16, 2020 by Greg Belding

Introduction 

In this episode of Infosec’s cybersecurity podcast series Cyber Work, host Chris Sienko talks with Joshua Knight, cybersecurity business leader at Dimension Data, about how to become a Chief Information Security Officer (CISO). Joshua has more than thirty years of experience in the technology space, including National Security Agency (NSA) and enterprise experience. Prepare for a rocket ride of insight and information into this highly sought-after information security role!



Your bio says you like “using life-changing technologies to transform business, culture and society.” What do you mean by this?

As technology evolves, Joshua has enjoyed watching the growth and change of technologies including cloud, virtualization, smartphones and artificial intelligence (AI). All of these can greatly transform business, culture and society. 

How did an interest in technology change into an interest in security?

Joshua got his start tinkering with computers at an early age. At around age 10, he was an at-risk student, so his college professor father brought him into a computer lab to keep him away from trouble and help him explore the technological opportunities the lab had to offer. It was in this lab that Joshua put in his foundational hours with Unix and Linux.

How has the cybersecurity landscape changed since you first got involved?

Joshua has been involved with security since the beginning, when he was a white-hat hacker in 2001. He was working with Sprint at the time and sat down with the head of the FBI to discuss security and how it would unfold in the future.

Joshua has been involved with every expression of security over the years including network security, internet security, information security and the latest incarnation — digital security.

How did you get involved with the NSA?

During a period of career change, Joshua contacted government agencies for new opportunities. Through Sprint, the NSA contacted him to work with them as a white-hat hacker. 

Later, he worked with both the FBI and DOJ as a penetration tester; at one point, he hacked the information of everyone involved in the Olympics worldwide! Joshua also worked with the Department of Defense but cannot say any more than that about the experience.

What were the major steps and progression of skill sets on your path to becoming a CISO?

When Joshua started, he was an infosec and technology expert right out of the gate. He first worked as a CISO soon after college, thanks to his expertise and the opportunities available to him in the market.

When he started working for Sprint, Joshua worked for a CSO (Chief Security Officer), not a CISO. This CSO helped him understand the areas he lacked experience in — governance and physical security, as well as the soft skills. When he made the move over to AT&T, the CISO there acted as Joshua’s mentor and helped him meld all of these skills together. 

Are your milestones still applicable to aspiring CISOs today?

If you want to become a CISO, you need to view it as four major areas: governance, technology, physical security and cybersecurity. 

Frankly, CISO is a reflection of the old world. Things are moving toward the Chief Trust Officer (CTO). The one who knows governance best in this world will be on top, because the buck stops with governance.

What types of jobs and responsibilities is a CISO part of on a daily basis?

Your day-to-day consists of combining operational, relational, technology and governance pieces while working with the organization's key go-to executives. Many lose sight of the fact that they also need to be driving revenue, which is what separates the security czars from everyone else.

Does a CISO work more closely with management or the C-suite?

CISOs work with both. A CISO needs to work with their peers and management to develop a 36-month strategy road map, and needs to treat themselves as a center of excellence. Rather than focusing on just one of these two groups, CISOs should focus on being easy to do business with, ensuring the state of security and driving revenue.

What are the best and worst parts of being a CISO?

The best part is the community — the global security intelligence community (GSIC). You need constant communication and open dialogue with your peers. Security is security worldwide and thinking otherwise is career-limiting.

What activities should you enjoy?

You need to enjoy professional relationships. The answer to all things is to build a network of relationships inside and outside of the organization. Your career will come to a dead halt without this. It is not that you want to be liked, but that you have to be liked.

What role do you feel certifications play in a security career path?

Certifications can help — Joshua recommends earning CompTIA Network+, Security+ and CISSP for governance reasons. This will help you, as many are afraid of security and certifications break this fear barrier. You also need to know how certifications work together — meeting others in the community can help with this.

What types of companies require a CISO?

Ultimately, all sizes of company require one but not everyone has the resources and size to have a dedicated CISO on staff. For smaller companies, you may have to work as a consultant first; as long as you have the knowledge, you can start low and build up. Above all, you need knowledge, confidence and solid communication skills.

What are some common pitfalls?

Joshua mentions three pitfalls:

  • Not listening — to board of directors, CFO or peers
  • Not communicating
  • Not relevant to the business — not driving revenue, not building relationships

What can you do today to move one step closer to becoming a CISO?

  • Get certified — Security+, CISSP
  • Find a mentor — CISO or head of security
  • Get involved with the GSIC

Where do you see security practices going in the future?

Things are moving toward digital security. As we get more involved with the cloud and IoT, we are moving more towards the digital and things being software-defined, and eventually toward multi-cloud and hybrid.

Conclusion

In this podcast episode of Cyber Work, Chris Sienko spoke with Joshua Knight, cybersecurity business leader at Dimension Data. Joshua provided a wealth of information about both how to become a CISO and where the field is going in the future. Stay tuned for more insightful episodes of Infosec’s Cyber Work podcast!

You can watch Chris's interview with Joshua Knight at the Cyber Work YouTube page.


Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.