The Art and Science of Being a CISO
Cyber Defense Magazine, Thursday, April 3rd, 2025
Have you ever wondered why people are chosen to become Chief Information Security Officers? I started thinking about my peers and listening to their stories of how they obtained their positions. I then considered why I was chosen to be a CISO. At the end of the day, it really was a choice by the powers that be.
When CISOs hire people, many use some form of skills assessment. Sometimes there are sample assignments. We sometimes have people go through scenarios to see their problem-solving abilities. We apply some form of metrics to the process for many roles in cybersecurity.
With a CISO, everyone likes to believe that there are intangibles and soft skills that cannot be measured. People making CISO hiring decisions look to the applicant's past roles to predict their potential for success. While this may sound like an oversimplification, in essence the hiring team believes the CISO knows in their gut how to make appropriate decisions and will continue to do so for their organization.