Abstract
The Chief Information Security Officer (CISO) is facing particular career challenges, being rooted in a quickly changing field where managerial tasks are applied to a highly specialized technical foundation. The objective of this study is to explore individuals’ careers that led them to aspire to and achieve the role.
22 current and former CISOs have been interviewed for this project. One can identify four segments of career patterns, based upon a broad classification into a preference for problem solving or organization building. Orthogonally, one can identify the orientation of the individual’s Psychological Contract towards the employing organization and its representatives, or towards the professional community at large.
Many respondents displayed signs of protean career management in their career history and in the description of their plans going forward. While individuals may not always consciously realize it, the need to manage their own career is prominently ingrained in their career philosophy and aspiration. Shared concerns were a requirement for active career management and potentially career-limiting decisions.
This study provides a reference framework for security management careers, based on established structural and psychological concepts from the field of career research. Statistically representative analysis and longitudinal studies can be based upon this framework but are not attempted here.
Copyright information
© 2013 Springer Fachmedien Wiesbaden
About this chapter
Cite this chapter
Berlich, P. (2013). Executive Career Paths in Information Security Management. In: Reimer, H., Pohlmann, N., Schneider, W. (eds) ISSE 2013 Securing Electronic Business Processes. Springer Vieweg, Wiesbaden. https://doi.org/10.1007/978-3-658-03371-2_13
DOI: https://doi.org/10.1007/978-3-658-03371-2_13
Publisher Name: Springer Vieweg, Wiesbaden
Print ISBN: 978-3-658-03370-5
Online ISBN: 978-3-658-03371-2
eBook Packages: Computer Science, Computer Science (R0)