Path to CISO. Which MBA should I choose?

I’m currently employed as a Cybersecurity Consultant. I’m helping clients build and manage their information security programs.

I earned the MSISA from WGU last year. I also earned the CISSP.

My long term goal is to eventually transition from Consulting to a CISO position (and potentially a CIO position much later in my career).

Certification Goals:

CISM (studying for now)
EC-Council CCISO (2019)

Education Goals:

I don’t think an MBA will be neccesary to transition to a CISO role down the road, but it could prove to be helpful if I want to transition to a CIO role in the next 15 to 20 years.

I’m considering the following universities (online programs):

* Western Governors University: MBA IT Management
* Southern New Hampshire University: MBA IT Management
* Morehead State University: MBA
* Eastern Kentucky University: MBA
* Murray State University: MBA

I would appreciate feedback from current (and aspiring) CISOs.
Education: MS-Information Security and Assurance from Western Governors University, BS-Business Information Systems from Indiana Wesleyan University, AAS-Computer Network Systems - ITT Tech,


  • shodownshodown Posts: 2,271Member
    I'm not sure how those MBA's will help you become the CISO and potentially CIO later on. I would just focus on getting one. The next thing I would work on is being a superior performer in current positions. This means being at the top of the food chain amongst your peers. The next thing to work on are the soft leadership skills. Listening, speaking, writing and getting buy-in from people above and below you, and knowing the right information at the right time and using it to your and the company's advantage. Sadly not many of the last skills can really be taught in class, they come from experience and mentorship and the right grooming environments.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • TechGuru80TechGuru80 Posts: 1,535Member ■■■■■□□□□□
    If you really want to be a CISO or CIO, you need to get into a management role at a company. Consulting is great because you get exposure to different environments, however you only see a subset of issues and implementation/execution aren’t typically a part of a consultants job...meaning you come in and can see problems and make recommendations but you don’t typically manage them all the way through resolution.

    PMP needs to be on your list but honestly I wouldn’t even worry about an MBA until you are in a management role.

    Lastly, going from CISO to CIO isn’t probably going to mesh well as a path because the interests are different between the two. Security is rising into its own vertical, so you really should try to focus on one path.
  • jdancerjdancer Posts: 476Member ■■■■□□□□□□
    As was posted before, get on a management track first.

    Once you are years in your position, have your organization pay for an Executive MBA.

    I won't bother with a general MBA when starting in management.
  • roxerroxer Posts: 130Member
    You don't need an MBA to be a CISO or a CIO. Does it help? Sure. I think the more apt suggestion is to learn the business and how you can leverage security and IT to grow and increase revenues, efficiencies, or profits. An MBA shows you have learned material to understand bushiness, but you can start by having conversations with the executive level folks now. Knowing and doing are two different things. Show them you are interested in their problems and help create solutions that solve them--even if it means NOT using technology. Correcting a process to gain efficiencies is just as effective or more so than dropping a piece of tech on the desk, and much cheaper too. To the business world, you need to speak their language and understand what constraints, forecasting, and valuation mean and how to apply them. Learn how to do ROI, TCO, NPV, and other formulations. You can get an MBA later, but you can learn the business and show you are a team player right now. Just my two cents.
    2018 Goals:
    To Complete: CISSP-ISSAP | CCSP | CAPM
    Start Master's Degree: WGU - MBA.ITM

    B.S., Business Studies in Computer Information Technology | SNHU
  • roxerroxer Posts: 130Member
    Oh, and learn how to make presentations (power point) and present. Nothing like a well developed presentation to get managements attention. Soft skills are a BIG yes to management.
    2018 Goals:
    To Complete: CISSP-ISSAP | CCSP | CAPM
    Start Master's Degree: WGU - MBA.ITM

    B.S., Business Studies in Computer Information Technology | SNHU
  • RemedympRemedymp Posts: 834Member
    IIRC, there was a CISO of a famous company that was equihacked not too long ago. That person had a degree in Muisc studies...
  • DZA_DZA_ Untitled. Posts: 295Member ■■■■□□□□□□
    I was thinking about posting the same thread but totally backed off. As for resources go, I recommend reading the following book:

    I'm just pretty much finishing it. You'd be surprised of how much insightful content are in that condensed little book written by a combination of CISOs and their experiences. You'll learn from their mistakes at their expense and not yours! Good luck on your way to becoming a CISO.
  • EANxEANx Posts: 959Member ■■■■■□□□□□
    2018: CCIE Written (R/S) (done - Jan), CCIE R/S
    After that: MBA, OSCP
  • UnixGuyUnixGuy Are we having fun yet? Posts: 3,880Mod Mod
    I would aim to get the best (according to ranking) MBA you can possibly get. Be prepared to pay big bucks for a brand name MBA.

    Being in consulting is a good step. You need to start cultivating business skills now, in general areas such as finance, marketing, strategy, policy, and leadership. Get the best MBA you can get. You have all the technical skills that you'll ever need, however a CIO/CISO positions aren't technical positions, they're business positions so focus on those skills.

    CISO doesn't necessarily have to be a step before CIO, you can aim for CIO straight ahead.

    I'm not an executive though, so please take my advice with a grain of salt.
    Goal: MBA, March 2020
Sign In or Register to comment.