Expert Advice

Joyce Brocaglia is the executive career advisor for CSO magazine. The following questions and answers are featured on CSO's online magazine (www.csoonline.com).

  1. I am a security professional, hold a CISSP certification, and am pursuing a GSEC certification. I have about 10 years of experience in IT and security, mostly with military and Big 5 consulting firms. How should I go about transitioning into a senior security manager role? Is an advanced degree desirable, and if so, is a technical MS desired, or an MBA?
  2. How can you convince corporate management of the importance of having a CSO? Federal laws such as Gramm-Leach-Bliley and HIPAA have not been helpful because they don't come out and state in clear language that a CSO is needed. I am in a director position and have been given the daunting task of managing corporate information security, yet I can't get staff, nor does management believe I should be reporting outside of the IT department. In fact, I don't even answer to the CIO; I answer one level below him.
  3. What education does a CSO typically have? From my understanding, they come from the technical side. To get to the executive level, do you need an MBA or similar degree?
  4. I have a broad background in IT, scientific research and business. I have been VP of engineering, CTO, COO and CEO in various companies. I have worked in areas ranging from computer graphics and simulation to financial services. This experience includes raising venture capital and communicating with C-level executives in Fortune 500 companies. I have varied experience with information security, but not a deep background. I am currently formalizing my existing experience by obtaining certifications (e.g., GIAC and CISSP). My question is, given the lack of direct security role experience in my background, how will potential employers view my skills and lack of direct management experience when applying for senior infosec positions?
  5. What is the best way to find an enterprise CSO candidate?
  6. When hiring information security personnel, is certification indicative of expertise? If so, which certification is best? Or is experience more important?
  7. Please provide me with some information on part-time or online continuing education and/or certification courses in the area of information security.
  8. I will be graduating from college soon and I am very interested in climbing the ranks to become a CSO. I have three years of IT experience in an educational environment. What are my next steps?