HUMAN RISK MANAGEMENT FORUM

 View Only

Looking to change focus

By Adam Traylor posted 05-12-2023 11:10:54 AM

  

Hi everyone. I hope this is the right place to post this.

I have been running security programs, with a strong emphasis on User Behavior and Security Awareness, for over 10 years. While my roles have always been to manage the full security program, I am looking to direct my focus solely within the Awareness and Culture areas, and have been looking and applying for roles that meet that desire.

Recently I found out I have roughly 4 months of time left before my current position is dissolved due to our contract not being renewed. In light of this, I am asking for advice and guidance on how to make the transition from being a CISO-type to being more dedicated to developing and/or running a UB and SAT program.

Any help or tips would be greatly appreciated.

Thanks.

Adam


#Jobs
2 comments
27 views

Related Content

Permalink

Comments

Adam Traylor
05-16-2023 11:59:30 AM

Thanks Damon. All great advice and I will start working on the items you mentioned!

Damon DePaolo
05-16-2023 11:54:02 AM

Hi Adam, this is a great question.  I want to start by saying i have not moved from CISO to this role so i don't have direct experience, but I spend a lot of time coaching people that are looking to move into Cyber or into different roles in Cyber, and there are a couple of things i always tend to suggest as people are looking at that next role.  

You are fortunate to have familiarity with the space, so as a personal exercise define a mission and vision statement for your desired role.  If you were running the function already, what would be your goal, how would you want to impact your org, what would be your guiding principles?  This is useful in a couple of ways.  First, it guides your pitch when you are meeting to talk about moving the role.  It helps you convey your passion and helps to determine if your vision will align with the organization you are looking to work within.  It also helps you to evaluate your strengths and opportunities in regard to your vision. 

Now, look at those strengths and opportunities.  For your strengths, familiarize yourself with how you will utilize them to execute on your vision.  For your opportunities, pick one or two to start focused learning on.  This will help you to narrow down the wide world of potential skills.  There may be some areas that you will not be able to or want to grow that will be necessary for executing that vision, so think about how you would fill those gaps and be prepared to talk about that during interviews.

Finally, always think about the wealth of experience you have had throughout your life and career.  Look at transferrable skills you have that may be applicable to a role in this space and write down why they will make you super effective.  Take some time to focus on non-traditional skills in the space, and how having them makes you stronger in this role than people that don't have them.  Think about how those skills contribute to your achieving your vision.

Of course, there are also the tactical things to get more in tune with the industry, so familiarize yourself with principles of adult education, attend great conferences like the Living Security Human Risk Management Conference in June and the SANS Security Awareness Summit to see what practitioners are focusing on, and ask our questions to the community here.  The community of professionals in this discipline tend to be very welcoming and want to help people, it is largely why we gravitate to this role :)

I hope that helps and is at least partially what you are looking for!

Damon