Executive Career Paths in Information Security Management
The Chief Information Security Officer (CISO) is facing particular career challenges, being rooted in a quickly changing field where managerial tasks are applied to a highly specialized technical foundation. The objective of this study is to explore individuals’ careers that led them to aspire to and achieve the role.
22 current and former CISOs have been interviewed for this project. One can identify four segments of career patterns, based upon a broad classification into a preference for problem solving or organization building. Orthogonally, one can identify the orientation of the individual’s Psychological Contract towards the employing organization and its representatives, or towards the professional community at large.
Many respondents displayed signs of protean career management in their career history and in the description of their plans going forward. While individuals may not always consciously realize it, the need to manage their own career is prominently ingrained in their career philosophy and aspiration. Shared concerns were a requirement for active career management and potentially career-limiting decisions.
This study provides a reference framework for security management careers, based on established structural and psychological concepts from the field of career research. Statistically representative analysis and longitudinal studies can be based upon this framework but are not attempted here.