Board bound: how to rise to the executive level in cybersecurity

Having your eye on the prize will keep you on track toward success

boardroom table

When first entering into any field, most of us have our eye on the prize. I wanted to be a talk show host, so I started out as a communications major. I interned at a local news station, and when I saw myself on camera, I immediately determined that I would never again be on screen.

My point is that along the way toward that goal, everyone encounters some glitch, some bump in the road that might make them think perhaps this isn’t the right path for me. Sadly, some of us even abandon that dream because the obstacles seem too formidable. We don’t find that right cultural fit in the work place that inspires us and challenges us to be our best.

Allowing your vision to guide you to your goal, though, might remind you of the passion that delivered you to where you are. What if, at every obstacle, instead of finding a way out, you were to find a path upward. I’m feeling a little like Dante here, but what if the challenges, the discomforts, the failures, the long hours, and all of the other negatives are exactly what you need to get you to that higher level?

John N. Stewart, chief security and trust officer at Cisco, is an adviser to and recently joined the board of directors at RiskSense. Stewart did not begin his career in the security industry at the executive level. No one does. As a veteran of the industry, Stewart now mentors young companies he considers innovative, and he has for some time been impressed by RiskSense, which has developed a visualization-based approach to manage cyber risks. 

His own career in cyber, though, goes all the way to the late 1980's when he was in college at Syracuse. One of the reasons he became fascinated with cyber was a book, The Cuckoo’s Egg, written by Cliff Stoll.

The mystery revealed a captivating tale of chasing hackers, and Stewart was reading it in the right place at the right time. The Morris worm launched out of Cornell University in 1988, the year that Stewart was working at a computing center at SU.

“People were very patient with me, and there were full-time employees that let me set up a security system. I learned on the fly a great skill set,” said Stewart. After spending five years earning his dual BA/MA degrees at SU, Stewart landed himself an opportunity at the NASA research center during the nascent days of the internet, which prepared him for going on to do systems administration on computers at Cisco.

Throughout the 1990’s Stewart honed his skills as an engineer as the technology world around him gave birth to more websites and ecommerce. “I was an engineer, but there was a whole bunch of business acumen I was missing,” Stewart said. Driven by the greater vision of what he could accomplish in the cyber world, he followed two business leaders to Honolulu, Hawaii, and worked with them putting a company together from 1997 to 2002.

After the company went public and was sold in 2001, Stewart continued with the parent company while also spending a year teaching part-time at various conferences and community colleges. “I was teaching at a conference in 2002 and ran into a couple old Cisco colleagues,” and in 2002, he returned to the company where his career began.

Stewart has been advising companies for more than 20 years. “I’m fascinated by the innovation speed at which small businesses grow,” said Stewart who has been sitting on the boards of small companies and crossing paths with investors and advisers for year.

As so many leaders in the security industry realize, Stewart also recognized that there is a lack of available talents. “The criticality of IT systems has now hit a peak. There is not a single business that doesn’t use IT at a very core level. Computer security is equally as important. Service needs to run and be safe. With the total amount of data and the rate at which things change, the only one solution is technology. Even if you did have the people, you can’t get them fast enough,” said Stewart.

Now, more than ever, the security industry needs people whose skill sets are at the intersection between technology, business, and critical thinking. “If you apply all three of those, that’s the type of people we need tons of,” said Stewart.

“The level of critical thinking that requires taking the data and modeling it and knowing what’s important still requires hands on operations and a knowledge of underpinning how the organization works and an ability to react dynamically to what you are told,” he continued.

So if you are just starting out and feeling disenchanted, underappreciated, or hopeless, let those sources of frustration define your greater purpose. Become visionary, stay the course, and allow yourself to grow and evolve with the technology around you.

Copyright © 2016 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.