Talented cybersecurity professionals are in huge demand. The number of open cybersecurity jobs globally grew 350% between 2013 and 2021, from 1 million to 3.5 million, according to research from Secureworks.
That’s a big issue as no one can afford to skimp on skilled IT security staff because of ever-growing macro-economic and geopolitical challenges that present fresh risks to the business.
In fact, research from recruiter Nash Squared suggests managing cybersecurity has never been more challenging – and the bigger an organisation is, the more likely it is to be attacked.
Therefore, it’s crucial that enterprises have a talented CISO in situ; someone who is responsible for overseeing cybersecurity and ensuring data and systems are safe and secure.
So, what characteristics do you need if you’re a cybersecurity professional and you want to reach the very top of the career ladder?
For Stu Hirst, CISO at Trustpilot, the answer is clear: integrity, empathy, and resilience.
These three qualities have become increasingly important for CISOs, says Hirst, who has years of practice building IT defences at big-name companies such as Capital One UK, Trainline and Just Eat.
When it comes to integrity, he says a certain level of honesty is crucial for anyone who wants to be an effective cyber chief.
As CISO for consumer review website Trustpilot, a public company that’s listed on the London Stock Exchange, Hirst reports to the board.
It’s absolutely critical he provides a “warts and all view” of what’s happening now and what might happen next.
“I don’t try and paint a picture that isn’t happening,” he says.
“I try and give a pragmatic view of what the industry is doing, where the company’s at, and what’s required as the next step. I think you need to have integrity to be able to do that and be comfortable being extremely honest with the information you have.”
In terms of empathy, Hirst says the work that modern CISOs undertake to keep systems and data safe secure means their interactions span the entire range of business activities.
“You’ve got to be empathetic to what’s going on in other teams and how your role and the work the security team does might affect them,” he says.
Finally, CISOs must be resilient. Hirst says working in security is tough at the best of times. But when you’re responsible for cyber defences at a big business, you need to be really robust.
“We deal with a lot of nonsense in security, unfortunately, and it can be a high-stress job,” he says.
“I think you’ve got to be capable of dealing with changing landscapes, conflicting ideas and priorities, and different people shouting at you at different times from different angles.”
Hirst recognises the pressure that comes with being a CISO can be tough for some professionals to handle.
Cybersecurity work often involves what he refers to as high-stress environments, where you either don’t know what’s happening or you’re waiting for something bad to happen.
Bev White, chief executive at Nash Squared, says the almost-constant demands involved in the CISO role mean cybersecurity professionals should ask an important question: is it the right role for you?
“Be careful what you ask for because it’s not easy at the top,” she says.
“Making sure people have the skills and are fully equipped, resilience-wise, to deal with the role when they get to the top is really important.”
The pressures involved in working in cybersecurity – especially given the context of stretched resources due to an ever-growing skills gap – mean that some people might decide they’d rather leave the industry altogether rather than carry on climbing the ladder.
For White, that’s a big shame. “I think it’s a bittersweet decision,” she says.
“We’re finding that more cybersecurity professionals are questioning whether should they take a different career path or whether they should they carry on with the one they have.”
With an ever-growing cyber skills gap, it’s a matter of urgency that everyone at the top of the IT industry encourages talented cybersecurity professionals to not just stick around but to hone their craft and feel confident they’re developing a long-term and fulfilling career.
That’s something that resonates strongly with Hirst, who looks to guide up-and-coming cyber stars and who is heavily involved in the security community, including speaking to ZDNET from the ScotSoft annual tech conference run by trade body ScotlandIS.
He believes many cybersecurity professionals suffer from ‘imposter syndrome’ and it’s something that definitely affected him in the past.
“I’ve probably just about overcome it over the years,” he says. “I think it’s more prevalent in security for the simple reason that there are so many things we have to understand. And it’s impossible to know all of them.”
But despite the trials and tribulations involved in climbing the career ladder, Hirst still relishes the problem-solving aspects of the role and enjoys the cultural side of leadership, particularly trying to build and motivate teams.
Reflecting on his journey to becoming a CISO, Hirst offers five tips for cybersecurity professionals who are looking to make their way in the industry:
- Learn from others – If you want to be a CISO, spend time talking to and learning from others who have already done the role
- Truly understand risk – Define what risk means to the business and know how to prioritise it because that’s the key element of a CISO’s day-to-day role
- Build a balance of skills – Develop an equal understanding of technical and business knowledge because senior roles demand capability in both of those areas
- Look after yourself physically and mentally – Security leaderships is a high-pressure job that can involve some very stressful and intense periods of work
- Immerse yourself in cyber communities – Interact with people who can help you grow and learn, as that’s where you’ll find a huge amount of information