Panelists discuss path to top IT security job

To become a chief information security officer, learn to speak and write succinctly. That was the advice from a panel of successful CISOs to system and network administrators who aspire to become security executives.

“Think crisply, and write well,” said Jane Scott Norris, the State Department’s CISO. Speaking today at the Computer Security Institute's conference and exhibition in Washington, D.C., Norris said information security executives must be able to present a case for action in one page—no more. To prepare for the executive suite, “get your thinking really succinct,” she said.

Another speaker, Bill Hancock, vice president of global security solutions and chief security officer at Savvis Communications, said writing is a skill he expects his staff members to master. “A security person writes a lot—white papers, PowerPoint slides,” he said.

A CISO needs a balance of technical and management skills, Norris added. “You need to know enough about management so you can fit in and enough about technology so you don’t get snowed.”

No direct path exists from the CISO’s office to the chief executive or senior agency executive’s office, panelists agreed during a discussion of the evolving role of CISOs. The path to the chief executive officer’s office runs through the office of the chief financial officer, said Jennifer Bayuk, CISO and managing director of information security at Bear, Stearns and Co. “Become a CPA and then get promoted to CFO,” she said.

Panelist Terri Curran, director of information security at Bose, said her advice to security administrators in their 20s who want to become CISOs is to be patient. “It takes a long time to become a CISO that your management is going to trust. Patience is key.”


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected