I recently received my CISSP certification, and look forward to expanding my skillset and developing my career further. I've received some encouragement from a CISO I trust to consider getting an MBA. I've given it some thought and am undecided if an MBA is worth it for me. I have almost 20 years of experience in the software development industry, and wonder if an MBA at this stage in my career will be a good return on my investment of time and money. I want to be able to better communicate with the C-suite, and maybe join them one day.
I would appreciate any thoughts the ISC2 community has to offer.
Also a new CISSP. I really appreciate this post and I plan to follow it. I have career ambitions of eventually reaching a CISO level. Been an engineer for 15+ years Looking to head into leadership and possibly bypassing the lower and middle management phases.
@Select_From It seems we have some things in comment and probably face some of the same challenges. With a hand on background do you think it will be difficult to be hands off as you move up the ladder? And will you miss being hands on? I have been looking into different CISOs and I am shocked by the lack of background I am seeing. One person had a sales background, another said they didn't understand the tech but had people for that, but they could write one hell of a 5 year strategic plan. My thought was how can you write a plan for something you don't understand?
With all the talk of the talent shortage in security I think it creates more problems than it solves. People seem to think they can just go take a course in security and they are qualified to get a job. Just like with the higher level positions I feel that people need a good foundation and understanding, otherwise how can they handle what is needed...
Just a few thoughts...
With a hand on background do you think it will be difficult to be hands off as you move up the ladder? And will you miss being hands on?
Hey @JKWiniger, I appreciate you asking those questions. I have spent many years thinking through these exact questions of do I want to give up the hands on day-to-day that I have excelled at for so many years. For me, what really allowed me to excel over the past years is my passion for understanding why things work or why they don't, and figuring out solutions to make them work. That motivation to find a problem and solve it is the key underlying driver for why I've exceled in the IT/IS fields. Moving towards leadership means that the problems and solutions I would be working on would transform from technical into organizational. Also, moving into leadership doesn't mean that I would have to give up technical abilities, it would actually free me up to spend time on personal technical projects outside of work.
I have been looking into different CISOs and I am shocked by the lack of background I am seeing. One person had a sales background, another said they didn't understand the tech but had people for that, but they could write one hell of a 5 year strategic plan. My thought was how can you write a plan for something you don't understand?
I understand what you mean in regards to CISOs, CIOs, and CTOs being less technical and far more administrative. I have seen these executive leaders really heavily depend upon their technical team. In some respects that worries me quite a bit, especially where there is so much legal responsibility on a person in that role.
I have wondered what makes an individual qualified for such a role. Smaller organizations tend to promote or seek top technical talent to run their IT/IS groups. Mid-tier organizations seem to search for SVPs from larger organizations. While large organizations tend to look for already existing C-level individuals who are presently working within the same industry.
I've resigned that breaking into a C-level role will likely mean moving into a much smaller organization, where you wear many hats and juggle a lot of different work. However, if I'm wrong and I'm missing some key piece, I'd love to hear from others.