Career Path to Director of INFOSEC?

ArabianKnight

Just wanted a typical career path you may take to reach this this position. Generally how long and job titles along the way.....

Something like this maybe.....Security Analyst 1,2,3, SOC Manager, CISO, D of INFOSEC?

Look forward to your inputs.

GarudaMin

You have the order wrong, as far as I know, CISO is higher than director (it's a C suite). My path, so far, helpdesk -> jr. system admin -> system admin -> infosec analyst -> sr. infosec engineer -> infosec manager. 10 years in the making with 3 different organizations and many certifications (only security related certs are up to date, I have let others expired).

Disgruntled3lf

C-level is definetly higher. But essentially it's going to progress Entry-level IT (foot in door) >> Jr. Something (First "Real" tech job) >> Mid-level something (experience base complete here) >> INFOSEC job (yay! we made it) >> INFOSEC job II (now we're making plans not executing the plans of others) >> INFOSEC Bossman (we're giving big-ish picture guidance to the planners) >> past this point it's about contacts and being in the right place at the right time. You don't have to hit all the steps but I've found it's rare to find someone in a dedicated security role without 5 years experience. The beauty of security is that development, system administration, NOC, database, etc is all valuable experience. Also, there is no "typical" path to follow. Get in the market, know where you want to go, and make consistent effort to get there.

Cyberscum

ArabianKnight wrote: »

Just wanted a typical career path you may take to reach this this position. Generally how long and job titles along the way.....

Something like this maybe.....Security Analyst 1,2,3, SOC Manager, CISO, D of INFOSEC?

Look forward to your inputs.

Typical, I don’t think there is a typical path. Mine went like this...

ISSM…That’s it. No junior anything.

I have had offers to jump ship for a director role, but I have other plans for my career.

If you are serious about security and a hard worker, great public speaker, have awesome interpersonal skills and have a great ability to persuade people you will fall into these roles given the right circumstances.
Good luck.

ArabianKnight

This position pays between 200-400k and wanted 10+ years of INFOSEC experience. I assumed there were other security management roles that needed to be hit before salaries like this arrived.

Cyberscum

Your assumption would be correct.

Cyberscum

If you want a typical path here ya go.
But like I said these are just stats, I did not follow this at all.

Become a CISO or Director of Security - Education, Career, Salary Information : INFOSEC INSTITUTE

MSP-IT

This seems to be your typical "do it for the money" post, without much thought going into it. Please, for the sake of the industry, if you're really only wanting it for the money, find another career path.

Though if you're actually serious about wanting to serve as a lead in management of Information Security, focus on your soft skills, empathy, and a meta-ego; the rest will follow. You'd be doing a disservice to the rest of us who care about the industry if you approach it in the wrong way.

ArabianKnight

Not in it for the money, I love this stuff! Was just curious about the typical path one would take to get here.

If I was strictly motivated by money I would be working on Wall Street:D

cyberguypr

I gotta say, that's an awfully wide range. CISOs I've personally known come from different paths. My current was an Infosec Analyst > Engineer > IS Manager > CISO. At my previous place it was Compliance > Audit > Infosec Director > CISO.

Keep an eye on this column at Dark Reading:
How I Became A CISO: Quinn Shamblin, Boston University
How I Became a CISO: Jonathan Trull, Qualys
http://www.darkreading.com/how-i-became-a-ciso-jennings-aske-nuance-communications/d/d-id/1317356