Expert Advice

Joyce Brocaglia is the executive career advisor for CSO magazine. The following questions and answers are featured on CSO's online magazine (www.csoonline.com).

Back to Expert Advice Question List

I am a security professional, hold a CISSP certification, and am pursuing a GSEC certification. I have about 10 years of experience in IT and security, mostly with military and Big 5 consulting firms. How should I go about transitioning into a senior security manager role? Is an advanced degree desirable, and if so, is a technical MS desired, or an MBA?

It looks like you are on track from an experience and certification perspective. Going back to school for an advanced degree isn't absolutely necessary, unless your goal is executive management in security, and then it's a good idea. If you are concerned with which degree path to follow, the answer is simple -- pursue an MBA. An MBA will do more to round out your background and has several benefits. The education itself will be valuable in helping you to better understand business operations and objectives, which in turn will help you be more effective at building a security program that supports them. Also, an MBA will demonstrate to senior management that you are not just a "security geek" but someone who is interested in the bigger picture.

Regarding your past experience; Big 5 experience is valuable, especially if you've focused on a particular market segment and have built up a client base. Leveraging your experience and contacts will probably be the best way to transition into an executive management role. Focus your search toward companies with challenges that you know and understand. By positioning yourself as someone who can quickly add value to an organization, you should have a higher rate of success with your search.

Back to Expert Advice Question List