With a shortage of skilled IT security workers, there is plentiful room for aspiring cybersecurity professionals to take on leadership roles within the industry.

Having a Chief Information Security Officer (CISO) or the equivalent function in an organization has become a standard in business, government and non-profit sectors. With more than 80 percent of large organizations employing a CISO, we wanted to interview CISOs across a wide-array of institutions, with varying certifications and backgrounds. This month’s featured CISO is Theresa Semmens of North Dakota State University (NDSU).

Theresa Semmens CISO North Dakota State University Silverbull

Photo Courtesy of Theresa Semmens

Theresa Semmens has worked at NDSU since 2003 and has worked in information security for over 14 years. During her career, Semmens served five years on SANS’ Higher Education Board and has been an active member of EDUCAUSE, a nonprofit dedicated to the advancement of higher education through information technology. Aside from being involved in various infosec committees, Semmens has given countless lectures and presentations on various topics about the industry.

Apart from her strong interest in computer information systems, what drew Semmens to a career in information security was her interest in human behavior.

“Without the human element, there would be no need for information security,” Semmens notes.

By pairing her two interests, Semmens found a career she finds “challenging, invigorating, rewarding and frustrating at times,” but enjoys the fact that no two days on-the-job are ever the same.

For Semmens, one of the accomplishments that she is the most proud of is employing NDSU student security analysts to assist with the day-to-day IT security functions around the office while preparing the students for successful careers in cybersecurity.

“Two of the four individuals that we have hired, have been hired into full-time information security positions with well-known companies. The companies have been impressed with the student’s knowledge and experience,” Semmens notes.

For professionals looking to advance their careers in the cybersecurity industry, Semmens offers the following advice on what it takes to be a successful leader and how to develop the necessary skills to be an effective leader.

How do I know if I would enjoy managing vs. doing?

You need to determine within yourself if you like to guide, encourage, coach and direct, or if you would “rather do it yourself.”  Are you a visionary? Do you have a broad overall picture that you can contribute to the company? Know who you are and what your preferences are. If you are not comfortable providing guidance and direction and dealing with the bigger vision of the department or division, you may not be suited to leadership.

My advice to those looking to become leaders is to develop a vision – determine and visualize where you want to be in the next two years, next five years, and next ten years. Develop a plan of action that is strategic – determine what you will need to do and accomplish to reach those milestones. Be willing to adapt and detour – life will throw up barriers! Those detours and barriers will be your best life experiences to learn from.

How do I know if I would make a good IT manager or if I am more ideally suited for coding, UI and technical work?

  1. Do you like working with people?
  2. Do you like to teach others skills?
  3. Are you often asked to be a lead on teams?
  4. Are you comfortable being in front of and speaking to groups of people?
  5. Are you comfortable with scrutiny, contention and conflict?
  6. Are you good at resolving personality differences?
  7. Are you forward thinking and a visionary?
  8. Do you see the big picture and not just the details?
  9. Do you have an ethical mindset that is critical for a successful CISO?

If so, you may have the talent and skill set to serve as a manager. On the other hand, if you don’t like doing a lot of the items mentioned above, you might be better suited to a technical profession where you don’t have to deal with “people” issues. If you are good with organizational behavior, you will most likely be well suited for management.

What does it take to be a successful IT manager?

To be successful in leadership, you have to have a genuine interest in the human factor. Leadership integrates the “technical” with the human and social aspects of technology. It is the nexus between your workforce and executive leadership. It is how you meld your vision and forward direction into what fits and blends with the business vision, mission and objectives of the company. It is about creating the best environment possible for your staff to be productive and effective.

To do this, you need to be genuinely interested and concerned about people, who they are, how they work and what their expectations are as well as yours. It is relationship behavior and the soft skills needed to lead. Often managers focus on the personality and not the problem! Great managers and leaders lead by example and inspiration. They give credit and recognition to those who have earned it. They coach and guide those with potential to build up confidence and self-esteem to create a sense of worth and high morale in their teams and staff.

How do I develop the skills I need to be an effective leader?

For those who are interested in moving into a leadership/management role, you have to demonstrate that you are interested and willing to serve in those roles. Seek out opportunities within your department or division where you can highlight your leadership skills. Some suggestions include:

  • Volunteering to lead a small team that is serving on a section of a large project. While serving as a lead on that team, do you naturally encourage and support your team members to be innovative and creative? Do you offer constructive praise and criticism?  Are you diverse and ensure that all members have the same opportunities or encourage them to take all opportunities afforded to them?
  • Work with an intern to help grow them in the skills they are trying to acquire for their chosen vocation. This is actually a great way to learn about management, because in this role you are serving as a guide, coach, teacher, leader, confidant and mentor. You will be working not only with teaching the intern the skills they need, but also how to learn and navigate the environment, culture and climate of the company.
  • Take professional development courses or college courses on leadership and management.
  • Visit with your director – let them know your intentions.  A good director will work with you to help point out what you need to do to take the next steps into a leadership role. Advanced degrees and certification can be beneficial in obtaining your goals towards leadership. Both help to demonstrate that you are a continuous learner and want to further your knowledge and expertise.
  • Don’t be afraid to search for opportunities outside of your workplace. If you belong to professional organizations, volunteer to serve on committees and work groups. This gives you the ability to network with others within your field, which will provide you opportunities for growth and development. I have been involved with EDUCAUSE, a nonprofit association for IT leaders and professionals committed to advancing higher education, for the past several years. Through my involvement with EDUCAUSE, I have been able to lead workgroups, serve and co-lead a program committee.
  • Handling crucial conversations and conversations involving contention and disagreement is a required skill. Crucial conversations can include anything from campaigning for new needs that require an increased or additional budget to handling a dispute between two key talented staff members. Those conversations need to be multi-lingual. You have to learn to speak the varied languages within the business – accounting, marketing, sales, etc. Talk to them in their language, terms, or a story they can understand and assimilate. Most importantly, learn how to deliver a message that might have negative connotations in a positive format and tone.

 

Interested in learning the in-and-outs of the cybersecurity industry from senior level professionals? Then check back for our next CISO feature article coming soon.

Last month’s featured CISO: Virginia Tech’s CISO shares how the main threats and dangers universities face from hackers.