I am perfectly happy with the state of my career. I'm where I am needed and wanted, and have an opportunity to serve my customers in a way I find rewarding. That does not mean I do not compare my expertise and experience against current vacancies in the job market. It is my personal skill 360, seeing if there are gaps that I need to fill. My obtaining the Technology Management masters and CIO Certificate in 2020 was a similar fine tuning.
What have I learned in this iteration? I looked at Chief Information and Technical Officer (CIO & CTO) vacancies in a few major technology labor markets to see what was sought. Generally speaking, they look for skills I already have. Some jobs require industry-specific expertise, which my career in government does not translate.
One interesting required skill set, however, was the CISSP (Certified Information Systems Security Professional). That led to me rabbit holing on what that certificate entails. There were three aspects of CISSP that lends itself to an ideal CIO job requirement.
First, CISSP requires that one "think like a manager." That is, when looking at a challenge, use the executive lens instead of the technical one. As I understand, the CISSP exam tests this by giving you two right answers to a question, but one is only correct from the manager's perspective. As a CIO requirement, this ensures they have a suitable business mindset.
Second, CISSP requires a minimum set of experience in two of its eight domains. This depth of experience ensures the CIO candidate has a strong enough technical background to be successful. I have nearly 20 years IT experience, and I wonder whether I measure up.
Finally, CISSP requires a strong understanding of cybersecurity. That is its primary purpose. CISSP requires one to think of Security first. This is table stakes in the current era. The Internet is a hostile environment to operate. Any CIO or CTO should have a strong understanding.
There are two other things it signals to me. First, I would rather work for an organization that expects CISSP for its executive technical leadership. Second, I should pursue what the CISSP teaches, even if I don't attempt the certificate. I believe I have a solid security mindset, but would I measure up. Never assume when you can confirm.
To that end, I got the Dummies book on CISSP to get a broad overview. The CISSP continuing education credits are gained by various means, including listening to Cyber Security podcasts. I added a few to my Spotify backlog...and immediately learned something that added to my skillset.
What have I learned in this iteration? I looked at Chief Information and Technical Officer (CIO & CTO) vacancies in a few major technology labor markets to see what was sought. Generally speaking, they look for skills I already have. Some jobs require industry-specific expertise, which my career in government does not translate.
One interesting required skill set, however, was the CISSP (Certified Information Systems Security Professional). That led to me rabbit holing on what that certificate entails. There were three aspects of CISSP that lends itself to an ideal CIO job requirement.
First, CISSP requires that one "think like a manager." That is, when looking at a challenge, use the executive lens instead of the technical one. As I understand, the CISSP exam tests this by giving you two right answers to a question, but one is only correct from the manager's perspective. As a CIO requirement, this ensures they have a suitable business mindset.
Second, CISSP requires a minimum set of experience in two of its eight domains. This depth of experience ensures the CIO candidate has a strong enough technical background to be successful. I have nearly 20 years IT experience, and I wonder whether I measure up.
Finally, CISSP requires a strong understanding of cybersecurity. That is its primary purpose. CISSP requires one to think of Security first. This is table stakes in the current era. The Internet is a hostile environment to operate. Any CIO or CTO should have a strong understanding.
There are two other things it signals to me. First, I would rather work for an organization that expects CISSP for its executive technical leadership. Second, I should pursue what the CISSP teaches, even if I don't attempt the certificate. I believe I have a solid security mindset, but would I measure up. Never assume when you can confirm.
To that end, I got the Dummies book on CISSP to get a broad overview. The CISSP continuing education credits are gained by various means, including listening to Cyber Security podcasts. I added a few to my Spotify backlog...and immediately learned something that added to my skillset.
--
Ben
In tenebris solus sto