What this book covers
Chapter 1, Starting the Journey to Become a CIO or CISO, is the starting point of this journey. This chapter helps you to understand your current brand. Your brand is the set of qualities others associate with you. Your personal brand will dictate whether you are successful in becoming a CIO or CISO. The brand will shape your journey and prescribe what actions you need to take to address any perceived gaps. Thus, understanding what to refine and improve is a key factor.
Chapter 2, How to Develop Yourself to Be a CIO or CISO, explores the Skills, Knowledge, Experience, and Behavior (SKEB) that a CIO and CISO will require. There is a focus on soft skills that the CIO and CISO should aim to possess, and certain specific soft skills for these roles are essential. By the end of the chapter, you will know how to complete your own soft skills gap analysis and set some objectives to progress with these.
Chapter 3, Executing Your Career Path to Becoming a CIO or CISO, reviews how you can create your career and position objectives for your CV. The concepts of stretch and becoming comfortable with being uncomfortable are explored. We look at how to connect the dots on your career plan and try to think two jobs ahead, to ensure that you understand what SKEB you want to gain for this role to enable you to reach this position. I will introduce the concept of growing others to grow yourself. I also discuss different career path approaches that you may not have contemplated. Finally, we will review the CIO and CISO interview process.
Chapter 4, CIO and CISO Interview Tips, will delve into interview preparation to land your next CIO and CISO role. I outline the 25 most common questions that a CIO and CISO may be asked. Then I suggest 20 questions, from which you should consider choosing two to three to ask the interview panel. By the end of the chapter, you will be ready to nail the interview.
Chapter 5, CIO – The First 90 Days, will show you how to build a plan for starting out as a CIO. I have included a template and described the work required to shape your own plan. There are working examples of how to engage stakeholders, review your IT strategy/roadmap, and engage your new team. I also talk about accelerating your own business learning and the key metrics that send a message to your team and key stakeholders. Then there is a retrospective review to see whether you need to update your 90-day plan for the next cycle. By the end of the chapter, you will be able to develop your own 90-day plan that is tailored to your new role as a CIO.
Chapter 6, CISO – The First 90 Days, will teach you how to develop your own 90-day plan for a CISO. There is a cyber strategy/roadmap to review and also stakeholders to engage. Once we have understood the stakeholder engagement mapping and plan for the CISO, we will work through an example. The new CISO has to orientate on key risk metrics, and some best practices are noted. There is a review of cyber governance processes, including frameworks to adopt. By the end of the chapter, you will be able to develop your own 90-day plan that is tailored to your new role as a CISO.
Chapter 7, Moments of Truth (When You Accelerate Your Growth), provides examples of when a CIO and CISO really take on their roles. These are moments that accelerate your learning and gain you respect from your key stakeholders and team. These are moments when you define yourself, and a few scenarios are explored to illustrate how this experience will reinforce positive behaviors.
Chapter 8, Understand the Pressures CIOs and CISOs Face, talks about the stress and pressure that are faced in a day in the life of the CIO and CISO. There are different types of CIO and CISO, and the stress indicators can vary dramatically based on the natural style that you bring to the table. Then, as a CIO, you have to work effectively with the CISO (and vice versa). Where you are both aligned and not aligned will have to be considered.
Chapter 9, CIO and CISO Survival Skills, explores Maslow’s theory and how it applies to CIOs and CISOs. With this, detailed stakeholder analysis and approaches can be carried out to provide you with some valuable insights for managing these relationships. There is a discussion around building alliances and when to also look externally for mentors and coaches. Finally, we look at how to avoid workplace politics and ways to navigate certain difficult scenarios.
Chapter 10, Looking for the Next Elevator, deals with what you should do if you don’t feel the role is a good fit. We will essentially evaluate what the right buttons to press are. There are times when a consulting gig makes sense before you consider returning to another CIO or CISO position. Taking a more holistic bird’s-eye view and reflecting on your career will mean that you consider your life and career decisions as closely coupled. Then, when you are ready to leave, we will explore how to efficiently hand over to your successor.
Chapter 11, Risk Management as a Career Option, is a bonus chapter in which I take you through a career path that you have probably never considered. I explore how your battle scars and SKEB have prepared you perfectly for this alternate career path. The chapter discusses a very different model of risk management than is typical, modeled on being a coach rather than a player, referee, or even spectator. By the end of this chapter, an alternative career door could have been opened.
Chapter 12, What CIOs and CISOs Do in Retirement, is the final chapter, where you will learn about the mountains you might want to climb next. We will explore some of the motivations you might have and the post-career moves that you can make. Again, given we want to always think two steps ahead, now that you are a CIO and CISO, you need to think about what is next. We will reflect on how to consider this to position yourself better for the future.