Lee & Mike often have excellent insights into the job searching of a CISO, and I liked a recent blog post of theirs enough to point back to it (even if, I would argue, the original question wasn’t really answered in an actionable way): “Common Traits of Future Information Security Leaders.”
In very brief, you could sum this up even quicker with: attitude, enthusiastic learning, good relationships with people, willing to fail, and aware of themselves. I’d also suggest that, between the lines, Lee would also say that successful CISOs take an active, deliberate approach to handling their career path and job/goals.
As a non-CISO, I would offer to the original question a few tips:
– be active and skilled and friendly in your current role, i.e. you leave smiles in your wake
– walk and talk the part of the next step you want for advancement (team lead, senior, mgr…)
– find out how the business works and what business/managers want to hear when talking about your role/duties/projects. You don’t make sure the network operates, you make sure that the business can deliver quality service through technology…
– consciously pick tasks/roles/projects that make you visible to the rest of the business whenever possible; be aware of “project management” skills during them
– be the knowledge expert in security and how it relates to the business
– delegate recurring, menial tasks and make sure your own duties are documented enough that someone “lower” can take them on while you slide yourself upwards
– make it known to your immediate boss your career goals (or HR) in a friendly, but firm way
– pursue certifications as you can, but at a digestible pace
– network in your area with like-minded persons (formal security groups or even informal bar-crawls)
– network in cyberspace as well, where you can almost certainly sound more senior than you really are in a current position! 🙂
– be ready and willing to move on to another opportunity
My goal in those suggestions is to move from being a person in a technical role to being a person in a technical role with aspirations and skills and desire to be in a managerial/lead role, thus getting started on the upward track.