Meeting with the CISO
By Gideon T. Rasmussen, CISSP, CRISC, CISA, CISM, CIPP

Cybersecurity professionals with strong performance should request a meeting with their Chief Information Security Officer (CISO) for career and professional development advice.

Start by establishing a Career Profile slide with details of your background and accomplishments. Include the slide within a Portfolio, with your resume, references and work product. Having this information with you is important. Do not meet with the CISO empty handed.

Next, ask your supervisor for approval to meet with the CISO. Most CISOs have an open door policy so requesting a meeting is usually fine, providing your chain of command is aware.

Prepare for the meeting the night before. Think of possible scenarios for the conversation and how you would address them. A CISO operates at a high tempo and can consume information quickly. Be prepared for a casual yet fast moving conversation. In 30 minutes with the CISO, you may cover 60 minutes of conversation from a normal meeting. Be prepared to keep pace with the CISO.

Let the CISO kick off the meeting. Mention you plan to have a career with the organization and are looking for professional development advice. Provide a two minute summary of your career focused on accomplishments, similar to an elevator pitch.

If you are in a large organization, consider expressing interest in a Business Information Security Officer (BISO) position, focused on a line of business. You can also cite goals of establishing a program or making significant changes to an existing program. If you see a need for a program or process to be created, mention that and offer to take point for design and implementation.

Ask the CISO for advice such as:
  • What behaviors do I need to exhibit to prepare for my next role?
  • Is there a project I can lead or participate in?
  • Who would you recommend as a mentor?
The CISO may evaluate your capabilities by asking questions. You need to be prepared for that too. When asked about establishing a program, consider responding in terms of Program Architecture:
  • Program overview deck
  • Welcome packet
  • Process diagrams
  • Procedures manual
  • Message templates
  • System of record
  • Reporting
  • Metrics, KPIs and KRIs
  • Quality assurance
Adopting a Program Architecture approach communicates change proactively and helps ensure consistent execution.

A CISO has problems and resources to drive change. If you perform well during the conversation, that may drive your career forward. Remember to send a thank you e-mail later in the day.

Fortune favors the bold.

Click here for more professional development tips