The position of chief information security officer (CISO) has been steadily rising in importance and visibility for several years. That’s due in large part to the fact that cybersecurity has become a much bigger priority for many organizations in the wake of highly publicized data breaches that caused a lot of damage for the attacked companies.

CISOs are the senior-level executives within organizations responsible for creating and maintaining the cybersecurity strategy and program to ensure that all information assets and technologies are sufficiently protected against attacks from inside and outside the enterprise.

In addition to overseeing decisions regarding security tools and services, these executives also manage security policies and procedures, often in collaboration with CSOs, CIOs and other senior executives.

Other responsibilities might include creating and maintaining disaster recovery and business continuity plans, helping to coordinate overall risk management, and overseeing an information security operations center.

CISOs carry the burden of responsibility for securing some of a company’s most valuable resources: its systems, networks, and data. Given the crucial role of information, applications, and connectivity in today’s business environment, anything that goes wrong with any of these resources for any reason can be a major problem.

Adding to the pressure and complexity of the job are the growth of cloud computing services, the rise of mobile devices and apps, the emergence of the internet of things (IoT), and the implementation of a host of data privacy regulations over the past several years.

Employing a CISO or similar top-level cybersecurity executive has become a standard practice for companies, government entities and nonprofit organizations.
The Global State of Information Security Survey 2018, a joint survey conducted by CIO, CSO, and PwC, said 85 percent of organizations had a CISO or equivalent in place.

The role has become so important that many CISOs now report directly to CEOs or to boards of directors. CISOs not only need to have strong knowledge of security technologies and services, but a good understanding of business processes and goals, and corporate culture.

What does it take to become a CISO? To find out, we spoke with Deborah Blyth, CISO for the State of Colorado.

Education/early life

Blyth began working at a full-time job right out of high school, and later went back to college as an adult. While still working full time, she was able to graduate summa cum laude from Regis University in 2007, earning a bachelor of science degree in computer networking. She has always wanted to return to school for a master’s degree, but has not yet had the opportunity.

Deborah Blyth, Chief information security officer for the State of Colorado.

Career roadmap: CISO
Name: Deborah Blyth.
Position: CISO for the State of Colorado.
Degree: Bachelor of science degree in computer networking, Regis University.
Certifications: Certified Information Systems Security Professional (CISSP)
Years of experience: 19
Advice for others: Never miss an opportunity to learn something new.

“I was probably somewhat pre-destined for an IT career,” Blyth says. “My father owned a computer consulting business, and so I was exposed to computers at an early age and was taught to use them at home, before they had many computer classes in school.”

Blyth’s father brought home a personal computer one summer when she was in her early teens. “This was long before personal computers were common in homes,” she says.
“To keep me busy over the summer, he would give me data entry tasks, and also buy me Basic programming books and assign me programs to write.”

When Blyth’s father got home at night, he would check her programs and help her troubleshoot and get them running. “I began to experience the excitement of writing code that could make the computer do different things,” she says. “I also enjoyed the challenge of trying to determine what went wrong and how to fix it.”

Blyth took a bit of a career detour while she was a senior in high school, however. Having a light class schedule, she went to work nearly full time at a local bookstore. “I loved working in the bookstore, and thought I would make a career in the bookstore business!” she says. “I ended up managing a subsidiary of the bookstore, which was a computer software retailer. It was there that my passion and interest in computers was reignited and I realized that I really belonged in an IT career.”

Job history

While managing a computer software retailer before she attended college, Blyth applied for an entry-level position as a tape operator at Covia, now Travelport, a company that makes technology products for the travel industry.

“I was thrilled when I got the job, and looked at it as an opportunity to get my foot in the door at a great company with endless options for an IT career,” Blyth says. “I thought I’d work my way into a programming career.”

As a tape operator Blyth worked the midnight shift, and when she got off work in the morning she would shadow the automation team and learn how it automated processes on the mainframe computer to be more efficient and resilient. She learned about scripting and other automation functions.

That helped Blyth make an easy transition into her next career move.

When the company needed someone to build automation and specialized monitoring for its UNIX platforms, she was selected for the role.
The company provided significant training for her to become a UNIX system administrator, and she found that she enjoyed that role even more than her automation role.

After several days of firewall outages, the network team was rebuilding the firewall and discovered that it was really a UNIX system running the application. “At that point, they turned over the administration of the firewall to me,” Blyth says. “Realizing it to be an important security device, and having no security training, I went to the local bookstore and bought every book they had on firewalls.”

Blyth studied the books and became passionate about security. Less than a year later she transferred into the information security team, taking the administration of the firewall application with her. From that point on, Blyth knew she would make information security her career focus.

Later Blyth became the manager and then the senior manager of the team. One of her proudest achievements while working at Travelport was creating the business case to get executive support and budget for a two-year effort to achieve compliance with the Payment Card Industry Data Security Standard (PCI DSS).

TeleTech (now TTEC), a business process outsourcing provider, in 2009 offered Blyth a position as director of its information security program. The company needed help scoping its PCI DSS effort to ensure that all appropriate systems were included and were meeting the security standard. During her five years at TTEC she was promoted to executive director of the program.

In 2014, the State of Colorado posted an opening for the state CISO post. “The more I read that job description, the more I was sure they were looking for me,” Blyth says.
“I couldn’t think of any more rewarding career than doing what I love, in service to the residents of the state that I love.”

Blyth was hired for the position, and as CISO of the state has been successful at garnering support from the legislature, the Office of State Planning and Budgeting, agency executive leadership, the state CIO and the governor.

“I have an amazing team that has delivered on all of the strategic initiatives I’ve put forth during my tenure,” Blyth says. “As a result, and because of our stakeholders’ faith in us, we have been able to grow the security budget to more than double what I started with.”

Memorable moments

As a UNIX system administrator, Blyth renamed one of her colleague’s accounts to “hacker,” and was reasonably confident that everyone on the team knew who the hacker account belonged to.

“However, I got a frantic phone call one day from another colleague telling me that a hacker had gained access to one of our systems,” Blyth says. “When I asked him how he knew there was a hacker on the system, he told me to display the current users and that I would see the hacker clearly logged onto our system. Simply asking our ‘hacker’ colleague to log off removed the threat.”

One of the most memorable shows of support Blyth ever received was from then Governor John Hickenlooper in 2016.

“I was presenting to the governor and his cabinet our plan to implement two-step verification into our Google platform across all state agencies,” Blyth says. The governor told his cabinet that he expected all agencies to implement the technology, and that he had already done so.

“Then the governor turned to me and said with a smile, ‘it’s not like I didn’t notice it, Debbi!’” Blyth says. “He proceeded to tell the cabinet that the extra step was worth it for the extra security it would provide.
His support enabled us to implement two-step verification for every agency, and in only 90 days.”

Skills and certifications

While Blyth worked at Travelport there was a director who realized it would bring credibility to the security team if everyone was certified in an area of security. “With his guidance and assistance, most of us became a Certified Information Systems Security Professional [CISSP],” she says. “Studying for the certification on my own time and achieving that goal was exactly the push I needed to finally enroll in college and get a four-year degree.”

When Blyth started college in 2003, it was with the realization that she needed more business knowledge, especially if she wanted to grow into an executive role. “While I was very adept at the technical aspects of security, I needed to learn more about financial management, strategy and stakeholder alignment, leadership and people management, in order to be successful in a security leadership role,” she says.

She recommends that cybersecurity professionals and others invest the time to earn certifications. “It’s a good way to demonstrate your commitment to the profession, and that you have some base level of knowledge,” she says.

Biggest inspiration

“My father has always been a great inspiration,” Blyth says. “Not only is he technical, but he’s personable; people like him. He inspires trust and demonstrates that he is worthy of that trust, which is so critical when growing a business or growing a practice within a business. And my mom was always very encouraging to people. She had a natural people-leadership style that I had the opportunity to learn from.”

Blyth has been fortunate to have managers and leaders who served as mentors in her career.
She recalls one executive who coached her through a difficult decision that she needed to make as a manager.

“He told me that if I didn’t make the decision it would be made for me, so I needed to step-up and own the decision,” Blyth says. “And while it was a painful decision that I didn’t initially want to own, it was a real growth opportunity which helped me to emerge as a leader during a time of uncertainty and transition.”

The executive’s leadership encouraged Blyth to look at everything as a growth opportunity — every difficult transition, every challenge, every perceived failure. “These are the best opportunities from which to learn and to grow,” she says. “It makes struggling through the difficult times doable, knowing you’ll emerge better prepared in the future.”

Advice for others taking a similar path

“Be a life-long learner,” Blyth says. “Never miss an opportunity to learn something new, because you never know how that piece of new knowledge might help you in your next role or even in your next decision.”

Cybersecurity professionals should expect to invest their own time in learning new skills, she says, because jobs will not provide all of the training needed.

“One tip that really worked for me: get your foot in the door at a great company, or with state government, and then work hard and show them how capable you are at learning and demonstrating new skills,” Blyth says. “As you become proficient in your current role, new opportunities will be presented to you and will allow you to shape your career to do what you enjoy the most.”

After five years as Colorado CISO, Blyth still enjoys what she is doing and has not given much thought to what she wants to do next.
In her current role she has numerous opportunities to interact with students and individuals who are early in their careers, and to talk to them about considering a career in cybersecurity. She also enjoys interacting with peers across the state and across the nation, to learn about their programs and to share the successes and lessons her team has learned.

“Every year, my goal is to encourage more people to consider this career path, and to provide more assistance or encouragement to my peers across the nation,” Blyth says.