I know what you are thinking. You're thinking that you can't accidentally become the CISO, but, you would be wrong. It is never what I set out to do. It isn't something that I asked for. I'm not even sure that it is something that I deserved. So, how did it happen? Quite simply, it is because I didn't say "No, that isn't my job."
I've been in tech for a long time. The majority of that time has been in startups. In a startup environment, everyone wears a lot of hats, hats upon hats, all at the same time. It is all part of the "just get it done" mentality that is necessary to ensure survival. Anyone that has worked in a startup has experienced this first hand. If you have never worked in a startup and think it sounds like fun, it is, but it comes with a price. There is no such thing as a comfort zone. You will be pushed, and you will be pushed hard.
Obviously, I wasn't hired to lead security, but it turned out that it is what the company needed from me. Leveraging my 20+ years of IT experience, I did what I had to do to make the team successful. I filled out vendor security questionnaires. I attended countless conference calls with customers to answer questions and support sales. I drove internal audits, improved the security program based on my findings, and brought in external auditors to certify our platform. The reward for this hard work was to be named the security and privacy officer, replete with the overwhelming responsibility and stress that goes with the title.
My uneasiness with the role prompted me to create a twitter account where I could vent, complain, and ask stupid questions. Most unexpectedly, what I found was an amazing and vibrant community that welcomed me with open arms. I began to from relationships and quickly realized how much I had to offer in return.
A year in, I have embraced the role. While it was in no way intentional, it may just be the best thing that could have happened to me in my career. It has allowed me to have a far greater impact on the organization than I ever thought I could, but for me personally, there has been an even more important benefit. My success has made me reconsider my strengths, and even my own identity, as I have begun to find my place in the industry.
Are you an accidental, unwitting, or reluctant CISO? Use the button at the top of the page to follow me on twitter and tweet me your story!