CISO: A Terminal Position

What Happens When You’re Done Being CISO

A couple of months ago, my position as CISO was eliminated. The company still had a CISO (more than one, in fact), and they decided to downsize my security team, and so no longer needed a person with the title of “CISO” in that part of the business. So there I was, working out what came next (and in a hurry). The answer was not simple…

Photo by Matt Walsh on Unsplash

When faced with choosing the next thing after CISO, a person has a few options:

• Find another CISO role. This is the most obvious. Once a CISO, always a CISO. Perhaps it means being a CISO in a new industry, or for a bigger (or smaller) organization, or in a new location. The essential job (running a security program to defend an organization) remains the same. Recruiters, in particular, are very comfortable sourcing CISOs for other CISO jobs. Just like people looking to get their first cybersecurity job, it’s hard to get a CISO role, but once in it, you can jump from CISO role to CISO role in a game of ever more demanding musical chairs. It’s getting a CISO role in the first place that is very challenging. Right now, even the CISO job market is pretty sluggish for people with a CISO title. There are a few positions opening up, but competition for those roles is intense, and the most senior of CISO positions are well guarded by executive recruiting…