Advice on next step to advance career (it's a long post)
Paul_H
Member Posts: 7 ■■■□□□□□□□
I'm looking for some advice on how to proceed in the next step in my career.
First, some background. I have a BSE in computer science and engineering from a state university, graduated in 2000. My first job I stared out as an AIX/Solaris/Linux admin and that evolved into my running the school of engineering's computer security and policy program. I then spent several years doing software development. In my current job, where I've been for 14 years, I've work several hats; Integration Lead, Chief System Architect, and Senior Systems Engineer. I've spent the last 7 years on projects where I split my time between project management, software development, and meeting DoD requirements related to standalone classified processing systems; risk management, disaster recover planning, secure software development, etc.
I've gone as far as I can in my current company as far as growth goes and I'm looking to make a change. I want to move into a position that is primarily focused on information assurance and security. I'm looking to move into a position that would put me on a CISO track, so in my mind more managerial, policy, planning and less day-to-day in-depth technical.
On the technical side I feel that given my background and experience that I can learn most of what I need on my own and supplement where needed with specific training. Where I feel weakest is on the business side of the equation. Which leads me to my questions.
What advice would you offer on how to pick up the non-technical knowledge I'm missing to achieve my goal of CISO, someday. I'll expect to have my CISSP end of October. I'm thinking of going back to school and have three programs in mind, and I can't decide which one would be best or if a Masters is the right choice at all.
Norwich University, M.S. in Information Security and Assurance. I'm already accepted, but have concerns as to the level of business acumen I would learn.
University of Alabama at Birmingham, Collat school of business, M.S. in Management Information Systems, concentration in . Already accepted. Program bills itself as the degree for technical people looking to move into management. Concerned that it will not be as marketable as the MSISA or an MBA
MBA with concentration in Management Information Systems. Either University of Arizona, Eller school of business, or University of Alabama, Collat. Concerned that I won't need that depth of general business knowledge.
I know this was long, so thanks for reading all the way through. I appreciate any advice you may have.
--
Paul
First, some background. I have a BSE in computer science and engineering from a state university, graduated in 2000. My first job I stared out as an AIX/Solaris/Linux admin and that evolved into my running the school of engineering's computer security and policy program. I then spent several years doing software development. In my current job, where I've been for 14 years, I've work several hats; Integration Lead, Chief System Architect, and Senior Systems Engineer. I've spent the last 7 years on projects where I split my time between project management, software development, and meeting DoD requirements related to standalone classified processing systems; risk management, disaster recover planning, secure software development, etc.
I've gone as far as I can in my current company as far as growth goes and I'm looking to make a change. I want to move into a position that is primarily focused on information assurance and security. I'm looking to move into a position that would put me on a CISO track, so in my mind more managerial, policy, planning and less day-to-day in-depth technical.
On the technical side I feel that given my background and experience that I can learn most of what I need on my own and supplement where needed with specific training. Where I feel weakest is on the business side of the equation. Which leads me to my questions.
What advice would you offer on how to pick up the non-technical knowledge I'm missing to achieve my goal of CISO, someday. I'll expect to have my CISSP end of October. I'm thinking of going back to school and have three programs in mind, and I can't decide which one would be best or if a Masters is the right choice at all.
Norwich University, M.S. in Information Security and Assurance. I'm already accepted, but have concerns as to the level of business acumen I would learn.
University of Alabama at Birmingham, Collat school of business, M.S. in Management Information Systems, concentration in . Already accepted. Program bills itself as the degree for technical people looking to move into management. Concerned that it will not be as marketable as the MSISA or an MBA
MBA with concentration in Management Information Systems. Either University of Arizona, Eller school of business, or University of Alabama, Collat. Concerned that I won't need that depth of general business knowledge.
I know this was long, so thanks for reading all the way through. I appreciate any advice you may have.
--
Paul
Comments
-
TheFORCE
Member Posts: 2,297 ■■■■■■■■□□
If you want to go the CISO route, go for an MBA program. You already have a lot of experience in the field, if you want to complement the assurance area go for a certificate like the CISSP or CISM. The MBA and those certs will give you more leverage than a MISA degree.
-
EANx
Member Posts: 1,077 ■■■■■■■■□□
A CISO is first and foremost a C-suite officer at a company. This means he needs to be able to understand the security needs of the business.You cn't do that without business knowledge. As a CISSP for the last decade, I second the recommendation for a business degree. -
roninkai
Member Posts: 307 ■■■■□□□□□□
A business degree and possibly a CISM on top of the CISSP.浪人 MSISA:WGU
ICP-FDO ▪ CISSP ▪ ECES ▪ CHFI ▪ CNDA ▪ CEH ▪ MCSA/MCITP ▪ MCTS ▪ S+
2020 Level Up Goals: (1) DevSecOps Learning Path (2) OSCP -
Paul_H
Member Posts: 7 ■■■□□□□□□□
Thank you all for the feedback. I was helpful, and I appreciate it.
--
Paul