  1. Senior Member aspiringsoul's Avatar
    Join Date
    Jul 2013
    Location
    Kentucky
    Posts
    310

    Certifications
    CISSP, VCA6-DCV, CHFI, CEH, CCNA R&S (Expired), CompTIA A+, Network+, Security+, Server+, MCP 70-270, 70-410, 70-411,
    #1

    Path to CISO. Which MBA should I choose?

    I’m currently employed as a Cybersecurity Consultant. I’m helping clients build and manage their information security programs.

    I earned the MSISA from WGU last year. I also earned the CISSP.

    My long term goal is to eventually transition from Consulting to a CISO position (and potentially a CIO position much later in my career).

    Certification Goals:

    CISM (studying for now)
    CISSP-ISSMP (2019)
    EC-Council CCISO (2019)

    Education Goals:

    I don’t think an MBA will be necessary to transition to a CISO role down the road, but it could prove to be helpful if I want to transition to a CIO role in the next 15 to 20 years.

    I’m considering the following universities (online programs):

    * Western Governors University: MBA IT Management
    * Southern New Hampshire University: MBA IT Management
    * Morehead State University: MBA
    * Eastern Kentucky University: MBA
    * Murray State University: MBA

    I would appreciate feedback from current (and aspiring) CISOs.

  3. Senior Member
    Join Date
    May 2009
    Location
    DMV
    Posts
    2,236

    Certifications
    CCNP, CCNP(collab), S+
    #2
    I'm not sure how those MBAs will help you become the CISO and potentially CIO later on. I would just focus on getting one. The next thing I would work on is being a superior performer in current positions. This means being at the top of the food chain amongst your peers. The next thing to work on is the soft leadership skills. Listening, speaking, writing and getting buy-in from people above and below you, and knowing the right information at the right time and using it to your and the company's advantage. Sadly not many of the last skills can really be taught in class, they come from experience and mentorship and the right grooming environments.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related

  4. Senior Member
    Join Date
    May 2013
    Posts
    1,522

    Certifications
    Cisco (3), CompTIA (2), EC-Council (2), GIAC (3), ISACA (1), ISC2 (1)
    #3
    If you really want to be a CISO or CIO, you need to get into a management role at a company. Consulting is great because you get exposure to different environments, however you only see a subset of issues and implementation/execution aren’t typically a part of a consultant’s job...meaning you come in and can see problems and make recommendations but you don’t typically manage them all the way through resolution.

    PMP needs to be on your list but honestly I wouldn’t even worry about an MBA until you are in a management role.

    Lastly, going from CISO to CIO isn’t probably going to mesh well as a path because the interests are different between the two. Security is rising into its own vertical, so you really should try to focus on one path.

  5. Senior Member jdancer's Avatar
    Join Date
    May 2011
    Posts
    466

    Certifications
    Cisco CCNA: R&S, Security, CyberOps, CCAI; Linux Foundation: LFCS; CompTIA: A+, N+, S+, L+, P+; Microsoft: MTA, MCP; ITIL: Foundation v3; CIW: DDS
    #4
    As was posted before, get on a management track first.

    Once you are years in your position, have your organization pay for an Executive MBA.

    I won't bother with a general MBA when starting in management.

  6. Senior Member roxer's Avatar
    Join Date
    Jan 2018
    Location
    Some dark place in the universe...
    Posts
    130

    Certifications
    CISSP, CISA, CRISC, CISM, CSAE, CASP, CySA+, SEC+, CCSKv4, TOGAF 9, COBIT5 Foundation
    #5
    You don't need an MBA to be a CISO or a CIO. Does it help? Sure. I think the more apt suggestion is to learn the business and how you can leverage security and IT to grow and increase revenues, efficiencies, or profits. An MBA shows you have learned material to understand business, but you can start by having conversations with the executive level folks now. Knowing and doing are two different things. Show them you are interested in their problems and help create solutions that solve them--even if it means NOT using technology. Correcting a process to gain efficiencies is just as effective or more so than dropping a piece of tech on the desk, and much cheaper too. To the business world, you need to speak their language and understand what constraints, forecasting, and valuation mean and how to apply them. Learn how to do ROI, TCO, NPV, and other formulations. You can get an MBA later, but you can learn the business and show you are a team player right now. Just my two cents.

  7. Senior Member roxer's Avatar
    Join Date
    Jan 2018
    Location
    Some dark place in the universe...
    Posts
    130

    Certifications
    CISSP, CISA, CRISC, CISM, CSAE, CASP, CySA+, SEC+, CCSKv4, TOGAF 9, COBIT5 Foundation
    #6
    Oh, and learn how to make presentations (PowerPoint) and present. Nothing like a well-developed presentation to get management's attention. Soft skills are a BIG yes to management.

  8. Senior Member
    Join Date
    Nov 2011
    Posts
    823
    #7
    IIRC, there was a CISO of a famous company that was equihacked not too long ago. That person had a degree in Music studies...

  9. Senior Member DZA_'s Avatar
    Join Date
    Sep 2017
    Posts
    168

    Certifications
    Look Ma! No Certs!
    #8
    I was thinking about posting the same thread but totally backed off. As far as resources go, I recommend reading the following book: https://www.amazon.ca/CISO-Leadershi.../dp/0849379431

    I'm just pretty much finishing it. You'd be surprised at how much insightful content is in that condensed little book written by a combination of CISOs and their experiences. You'll learn from their mistakes at their expense and not yours! Good luck on your way to becoming a CISO.

  10. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    861

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #9
    Fairly expensive book but looks like you can rent the Kindle edition for a month through US Amazon for $15. https://www.amazon.com/CISO-Leadersh..._&dpSrc=detail
    2018: CCIE Written (R/S) (done - Jan), CCIE R/S
    After that: MBA, OSCP

  11. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,710

    Certifications
    CISM, GPEN, GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #10
    I would aim to get the best (according to ranking) MBA you can possibly get. Be prepared to pay big bucks for a brand name MBA.

    Being in consulting is a good step. You need to start cultivating business skills now, in general areas such as finance, marketing, strategy, policy, and leadership. Get the best MBA you can get. You have all the technical skills that you'll ever need, however, CIO/CISO positions aren't technical positions, they're business positions, so focus on those skills.

    CISO doesn't necessarily have to be a step before CIO, you can aim for CIO straight ahead.

    I'm not an executive though, so please take my advice with a grain of salt.
    Goal: MBA, March 2020