Understand and demonstrate achieved results: Making the jump into a new industry isn’t about matching past job titles but about proving you can create impact in a new context. DiMarco says the key is to demonstrate relevance early.”When I pitch a candidate, I explain what they did, how they did it, and what their impact was to their organization in their specific industry,” he says. “If what they did and how they did it, and what their impact was on the organization resonates where that company wants to go, they’re a lot more likely to say, ‘I don’t really care where this person comes from because they did exactly what I want done in this organization’. It’s about the results, but it’s about articulating the results of how you’re going to do it if you come into a different industry.”Youngblood took this approach when he moved from being the CISO at Kimberly-Clark to McDonald’s. “On the outside, everybody sees the golden arches, and they all have the same look and feel,” he says. “But on the back end there are joint ventures, conventional licenses, and country licensees. When you’re the CISO, you have to try and bring everybody together, even though they operate slightly differently.”Beyond operational structures, Youngblood also had to adapt quickly to industry-specific threats. “At T-Mobile, SIM swapping is a huge issue in the telecom industry. Most people don’t realize how frequent it’s happening. It’s a billion-dollar industry, sometimes nation-state funded. Some of them are in the back office and directly taking over the identity of a person, which can cause a lot of damage.”For Cyber Self-Defense CEO Michael Meline, whose career originally started in law enforcement before he stepped into cybersecurity in financial services and then healthcare, the fastest way to build credibility in a new sector is to deeply understand the risk landscape.”You’ve got a lot of the same risks, so it really is risk management. I don’t care what field you’re in, my intent in dealing with cybersecurity is to go in, identify the risks, and then build a plan to mitigate them.”Demonstrating you understand the risk landscape can give candidates a significant edge. “Outline where you think your skills are transferable from the industry you’re in to what you know about the other industries you might be interested in, and then let’s start talking through examples of what you’ve done in your industry and how we think it can relate to the industries you’re talking about targeting and we would build from there,” says DiMarco.
Avoid getting pigeonholed: The biggest career risk for many CISOs isn’t burnout or data breach, it’s being seen as a one-industry operator. Ashworth’s advice is to focus on demonstrating transferable skills. “It’s a matter of getting whatever job you’re applying for, to realise that those principles are the same, no matter what industry you’re in. Whether it’s aerospace, healthcare, or finance, the principles are the same. Show that, and you’ll avoid being pigeonholed.”For Meline, avoiding being pigeonholed starts before moving into a new industry, by focusing on risk first and then learning about the business. “As I’ve progressed throughout my career, what I’ve discovered is cybersecurity is nothing more than risk management. As a cop, I would identify risk and take the appropriate steps to mitigate it,” he says. “It’s the same thing when I deal with risk in the corporate world. I’m working with stakeholders all the way from the bottom of the organization to the top and collaborating on how we deal with this risk, and then build the right plan to address the risk in a way that meets the needs.”Ultimately, DiMarco says the key is showing relevance and being able to draw parallels across industries. “It boils down to the uniqueness of the candidate and drawing your analogies of how close you are to those other industries.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4079956/tips-for-cisos-switching-between-industries.html
