More cybersecurity professionals aiming for CISO roles, survey reveals

Current CISOs and business executives should design career pathways for cybersecurity professionals by creating mentoring programmes, building career maps, and providing resources for continuous education.

By U2B Staff 

A recent report published by Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA) stated that close to 50% of cybersecurity professionals surveyed want to embark on a career pathway that would enable them to achieve CISO and other equivalent C-suite level positions in their careers.

The ESG and ISSA report is based on data from a survey of 327 cybersecurity professionals and ISSA members from Europe and America.

This report indicates a clear need for guidance, career development, and training for cybersecurity professionals.

The survey found that 63% of respondents have less than three years of experience in this field, and of these, 76% started as IT professionals before embarking on a career in cybersecurity.

Additionally, 52% of survey participants chose hands-on experience above security certifications. However, 44% of respondents agreed that hands-on experience and certifications are of equal importance.

So while hands-on experience is critical, it should be supplemented with the right certifications at the right time.


While 68% of these cybersecurity professionals cited the lack of a clearly defined career path, 47% of cybersecurity professionals in this year’s survey responded that they had career plans to become Chief Information Security Officers (CISOs).

This reflects the general sentiment on upskilling among cybersecurity professionals as survey respondents were largely aware of upskilling methods to increase their cybersecurity knowledge, skills, and abilities.

More than two-thirds of cybersecurity professionals attended cybersecurity training courses while 65% cited participation in professional organisations as the most highly preferred method to upskill themselves.

This is an interesting development, indicating a need for cybersecurity professionals to develop their leadership, business, and communications skills.

While career options remain murky in this sector, the survey results reveal that business education should be part of any and all cybersecurity career development plans.


This comes as no surprise, as CISOs are business leaders and not merely technical leaders. The survey revealed that cybersecurity professionals agreed that the important qualities for reaching the C-suite level include communication skills and leadership skills.

38% of respondents cited a need for management skills while 36% cited business skills as a requirement to climb up the career ladder in this field.

Respondents unanimously agreed that technical skills were the lowest priority when it came to upskilling for the C-suite level.

“The complexity of knowledge necessary for success is a perfect blend of technical knowledge, business acumen, security strategy, and educational ability,” the report stated.

Current CISOs and business executives can help design pathway progressions for strong candidates by creating mentoring programmes, building career maps, and providing resources for continuous education.

These investments will not only benefit individual organisations but also the cybersecurity community at large.

In a nutshell, career progression in the cybersecurity field will combine mentoring that helps cybersecurity professionals define a tailor-made career pathway with a standardised career map in which progressive training, education, and certifications are outlined according to job titles or responsibilities.