Tracy Lenzner, president of the LenznerGroup, an executive search consultancy that places CSOs, answers readers' questions about how to land a security job. Q: What are employers looking for when hiring a CSO?A: That’s a million dollar questionand answer. The experience required is dependent on many factors. For starters, the type of company, its size, location, industry and regulatory requirementsboth domestically and globallyfactor in significantly. Industry-specific and functional-specific experience are also key. Candidates must be astute business executives in security with a strong emphasis in IT infrastructure, privacy, risk, fraud, audit and investigations that blends technology, business applications and corporate initiatives. Backgrounds may also include experience in a high-profile security role and the following:Solid work in both security and related industries with strong knowledge of privacy, risk and global issues facing the industry Contacts within appropriate government agencies to increase leverage and information flow on issues, legislation and trends Operational background with business case development, financial administration and experience developing product profit and loss statements Demonstrated leadership ability to provide direction to a diverse workforce Q: How can a candidate for a CSO position demonstrate his qualifications?A: Some skills are easily quantifiable, such as number of years’ experience, education (an undergraduate degree is most often required, and an advanced degree and CISSP are usually desired), size and type of industries served.Personality traits must be accurately assessed in terms of benchmarking, chemistry and soft skills. Requirements will include: A style and presence that quickly earns the respect of the technology and business executives Ability to coordinate across organizational boundaries and demonstrate results within various business areas Credibility as a security professional with the ability to conceptualize but also sell the concepts to the organization Strong interpersonal skills Inherent energy, enthusiasm, integrity and a tireless work ethic Diplomacy Capability to develop new and creative ideas Polished public speaking and writing skillsQ: I currently report to the global CSO. I’m getting bored and wonder about the best way to plan for my next step. Do years of experience always trump ability?A: From a reporting relationship and functional standpoint, you are in a good position. While the number of years can be important, what you do during those years is what matters. There are many things you can achieve to progress your career. For example, do you currently perform presentations both internally and externally to trade groups or conferences? Are you active in professional associations? Do you possess a CISSP or other advanced degree or certification? When was the last time you updated your résumé or tweaked your professional bio? Are you current on the new technologies, issues, trends, legislation and business issues of security? Are you involved in strategy, implementation and global initiatives? How is your speaking and writing performance? And what are you currently doing to progress in these areas? If you can answer all of those questions, great for you. If you have holes in any areas, get to work.Q: Any advice for those over 50 years old who want to land a CSO position?A: It’s never too late. If you have a progressive career record managing and leading large global organizations, you have a good start. Notwithstanding, at this point in your career, you need to possess all the right stuff. For anyone seeking or holding a CSO position, there is a relatively small learning curve available. At that level, a critical ingredient is to become knowledgeable of the corporate environment, to rapidly establish oneself as an effective member of the executive team and to be able to strategize. One must have the ability to proactively deal with ambiguity, possess flexibility and build consensus throughout tenure. A high level of experience, effectiveness, vision, determination and knowledge, coupled with integrity, professional and business acumen are essential. A certain degree of charisma to effectively articulate business and technology issues is also a plus. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe