Executive Career Paths in Information Security Management

  • Peter Berlich

Abstract

The Chief Information Security Officer (CISO) is facing particular career challenges, being rooted in a quickly changing field where managerial tasks are applied to a highly specialized technical foundation. The objective of this study is to explore individuals’ careers that led them to aspire to and achieve the role.

22 current and former CISOs have been interviewed for this project. One can identify four segments of career patterns, based upon a broad classification into a preference for problem solving or organization building. Orthogonally, one can identify the orientation of the individual’s Psychological Contract towards the employing organization and its representatives, or towards the professional community at large.

Many respondents displayed signs of protean career management in their career history and in the description of their plans going forward. While individuals may not always consciously realize it the need to manage their own career is prominently ingrained in their career philosophy and aspiration. Shared concerns were a requirement for active career management and potentially career limiting decisions.

This study provides a reference framework for security management careers, based on established structural and psychological concepts from the field of career research. Statistically representative analysis and longitudinal studies can be based upon this framework but are not attempted here.

Keywords

Stake 

References

  1. [Bail77]
    Bailyn, L.: Involvement and Accomodation in Technical Careers: An Inquiry into the Relation to Work at Mid-Career, in J Van Maanen (ed), Organizational careers: Some new perspectives, John Wiley & Sons, 1997, 109-132Google Scholar
  2. [Baru02]
    Baruch, Y.: No such thing as a global manager, Business Horizons, 2002, 45(1):36-42.Google Scholar
  3. [Baru03]
    Baruch, Y.: The Desert Generation, Personnel Review, 2003, 32(5/6).Google Scholar
  4. [Baru04]
    Baruch, Y.: Managing careers: Theory and practice, Prentice Hall, 2004.Google Scholar
  5. [Berl07]
    Berlich, P.: How to Recruit the Right Security Professional and How to be the Person that Gets Recruited, presentation at SecureCapeTown 2007Google Scholar
  6. [Berl10]
    Berlich, P.: Exploring Executive Career Paths in Information Security (Thesis, unpublished), Henley Business School, 2010Google Scholar
  7. [Bitk07]
    Kompass der IT-Sicherheitsstandards - Leitfaden und Nachschlagewerk. Berlin, Germany, BIT- KOM, 2007Google Scholar
  8. [Druc74]
    Drucker, P.: Management: Tasks, Responsibilities, Practices, Butterworth-Heinemann Ltd., 1974Google Scholar
  9. [EiHP08]
    Eichstadt, U. & Haucke, A. & Pieper, A.: Aus der Abwehr in den Beichtstuhl. Enclosure to  <  kes  >  2/2008Google Scholar
  10. [Fros08]
    The 2008 (ISC)2 Global Information Security Workforce Study. Frost & Sullivan and (ISC)2, 2008Google Scholar
  11. [GlSt99]
    Glaser, B.G. & Strauss, A.L.: The Discovery of Grounded Theory: Strategies for Qualitative Research, Aldine de Gruyter, 1999Google Scholar
  12. [Holl97]
    Holland, J.L.: Making vocational choices: a theory of vocational personalities and work environments, 3rd ed. Psychological Assessment Resources, 1997Google Scholar
  13. [ISO05]
    ISO/IEC 27002:2005 Information security management systems - Requirements, 2005Google Scholar
  14. [JoDe96]
    Jones, C.; DeFillipi, R.J.: Back to the future in film: Combining industry and self-knowledge to meet career challenges of the 21st century, Academy of Management Executive, 10(4):91.Google Scholar
  15. [OsFi96]
    Osipow, S.H. & Fitzgerald, L.F.: Theories of career development, Allyn and Bacon, 1996Google Scholar
  16. [Park98]
    Parkinson, A.P.: The Changing Nature of the Employment Relationship: mapping a subjective terrain of the psychological contract (Thesis). Henley Management College, 1998Google Scholar
  17. [Rapo03]
    Rapoport, R.: Mid-Career Development, Routledge, 2003Google Scholar
  18. [Rous95]
    Rousseau, D.M.: Psychological contracts in organizations: Understanding written and unwritten agreements, Sage, 1995Google Scholar
  19. [Rous04]
    Rousseau, D.M.: Psychological Contracts in the Workplace: Understanding the Ties That Motivate, Academy of Management Executive, 2004, 18(1):120-7Google Scholar
  20. [Sche68]
    Schein, E.H.: The Individual, the Organization, and the Career: A Conceptual Scheme, Alfred P. Sloan School of Management, 1968Google Scholar
  21. [Sche71]
    Schein, E.H.: The Individual, the Organization, and the Career - a Conceptual Scheme, The Journal of Applied Behavioral Science, 1971, 7(4):401-26.Google Scholar
  22. [Sche78]
    Schein, E.H.: Career Dynamics: Matching Individual and Organizational Needs, Addison-Wes- ley, 1978Google Scholar
  23. [Sche93]
    Schein, E.H.: Career Anchors: Discovering your real values, Pfeiffer & Co, 1993Google Scholar
  24. [Sche96]
    Schein, E.H.: Career anchors revisited: Implications for career development in the 21st century. The Academy of Management Executive, 1996Google Scholar
  25. [Sipo02]
    Siponen, M.T.: Towards maturity of information security maturity criteria: six lessons learned from software maturity criteria, Information Management & Computer Security, 2002, 10(5):210-24.Google Scholar
  26. [StFr07]
    Steele, C. & Francis-Smythe, J.: Proceedings of the British Psychological Society’s 2007 Occupational Psychology Conference, British Psychological Society, 2007Google Scholar
  27. [WaSK81]
    Watts, A.G. & Super, D.E. & Kidd, J.M.: Career Development in Britain, Hobsons Publishing PLC, 1981Google Scholar
  28. [Whit08]
    Whitten, D.: The Chief Information Security Officer: An Analysis of the Skills Required for Success, Journal of Computer Information Systems, 2008, 48(3):15-9Google Scholar

Copyright information

© Springer Fachmedien Wiesbaden 2013

Authors and Affiliations

  • Peter Berlich
    • 1
  1. 1.Lucerne University of Applied Sciences and ArtsLuzernSwitzerland

Personalised recommendations