    How to become a CCISO?

    Samarth Garg | Dec 08, 2021

    Certified Chief Information Security Officer is abbreviated as CCISO. It is one of the many cybersecurity certifications accredited by EC-Council.


    The International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cybersecurity certification body, operating in 145 countries. It is the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), and Licensed Penetration Testing (Practical) programs, among other information security certifications. It has trained and certified over 200,000 information security professionals globally.


    Data is the new oil and the oil of the future. Just as oil is stored in tankers, data is stored in servers. And manning those tankers are Certified Chief Information Security Officers.


    As cyberspace started to expand, and machines became more complex, the risk of data getting stolen, manipulated, and misused started increasing. An international attempt at hacking one of the world’s biggest companies and an individual’s 6-month interview process gave birth to the legend of Steve Katz, perhaps the world’s first Chief Information Security Officer for more than 27 years on a CCISO’s job description. Below are points from the pioneer and his descendants.


    • Security operations: The company’s firewalls, entry points, databases, and other internal online environments are managed by them in real time. When a problem occurs, they are expected to classify the risk, diagnose it, and ultimately solve it as soon as possible while keeping the loss minimal.
    • Cyber risk and cyber intelligence: A CCISO is expected to be aware of new threats and other developments in cyberspace before anyone else in the organization and share them with colleagues and management as soon as possible.
    • Data loss and fraud prevention: We live in a world where hiring, resigning, and firing have become routine and continue simultaneously. CCISOs and their subordinates are a company’s virtual vigilance department. They must also watch for employees and ex-employees leaking out sensitive and false information.
    • Security architecture: Network segmentation, the use of firewalls, penetration testers, and ethical hackers, and their volume and placement are decided by CCISOs.
    • Identity and access management: Giving employees usernames and passwords, determining who gets access to which tools, and how quickly that access is withdrawn when their employment ends are determined by CCISOs.
    • Program management: Some security professionals don’t have reputed information security certifications, but their security management skills are better than those of people who do. Measuring risks, gathering intelligence, knowing data direction, and building and managing new cybersecurity projects and systems, such as patching systems, are also what CCISOs and their teams do.
    • Investigations and forensics: As shared above, CCISOs are the unofficial vigilance officers of their company. If and when the situation arises, they are expected to work with outside law enforcement agencies, consulting firms, and government agencies to conduct forensic investigations and make employees understand the risk of being on the wrong side of company policies and law in this domain.
    • Governance: Last but not least, and related to the above point: cybersecurity, too, costs money. There are products for various budgets in the market. Not all boardroom members understand, say, the risk from phishing attacks and how to deal with them individually. Regulatory frameworks, too, keep evolving. CCISOs help here as well.

    Now that we’ve read about the job’s responsibilities, let’s see what’s needed for CISO certification:


      • Preferably a master’s or higher degree in security or computer science.
      • Be a technical expert
      • At least 10 years of experience in managing information security and technology within a company.
      • Minimum 5 years in each of the 5 domains of CCISO shared below.
      • Great interpersonal, verbal, and written communication skills
      • Understanding of an electronic and site security environment.
      • Solid understanding of the organization’s business needs
      • Have leadership skills, especially the vocabulary and conduct to deal with boardrooms.

      Waivers under different domains of CCISO certification:


      1. Governance, [Policy, Legal and Compliance]

      Professional Certification Waivers: CGEIT, CRISC, HISP

      Other qualifications: Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years

      2. IS Management Controls and Auditing Management

      Professional Certification Waivers: CISA, CISM, HISP

      Other qualifications: Ph.D. Information Security – 3 years, MS Information Security Management, MS Information Security Engineering – 2 years, BS Information Security – 2 years

      3. Security Program Management and Operations

      Professional Certification Waivers: PMP, ITIL, PM in IT Security, HISP

      CISSP, LPT, E|DRP, CIPP, MBCP – 2 years

      Other qualifications: Ph.D. Information Security – 3 years, MS Information Security or MS Project Management – 2 years, BS Information Security – 2 years

      4. Information Security Core Concepts

      Professional Certification Waivers: CISSP, LPT, E|DRP, CIPP, MBCP – 2 years

      Other qualifications: Ph.D. Information Security – 3 years, MS Information Security – 2 years, BS Information Security – 2 years

      5. Strategic Planning Finance and Vendor Management

      Professional Certification Waivers: None

      Other qualifications: CPA, MBA, M. Fin. – 3 years


      CCISO Certification Training Exam Syllabus:


      Topic 1- Governance, Risk, Compliance

      • Governance
      • Risk Management
      • Compliance

      Topic 2- Information Security Controls and Audit Management

      • Information Security Management Controls
      • Audit Management

      Topic 3- Security Program Management & Operations

      • Security Program Management
      • Security Program Operations

      Topic 4- Information Security Core Competencies

      • Access Control
      • Social Engineering, Phishing Attacks, Identity Theft
      • Physical Security
      • Disaster Recovery and Business Continuity Planning
      • Firewall, IDS/IPS, and Network Defense Systems
      • Wireless Security
      • Encryption Technologies
      • OS Hardening
      • Vulnerability Assessment and Penetration Testing
      • Develop a plan to identify a potential security violation and take appropriate action to report the incident
      • Threat Management
      • Incident Response and Computer Forensics
      • Secure Coding, Best Practices and Securing Web Applications
      • Virus, Trojans, Malware, and other Malicious Code Threats

      Topic 5- Strategic Planning, Finance, Procurement, and Third-Party Management

      • Finance
      • Third-Party Management
      • Strategic Planning

      Even CISO certification has a Credential Renewal Policy:


      • License is valid for 3 years
      • 120 EC-Council Continuing Education Credits must be earned within a 3-year period.
      • An annual renewal fee of $100 must be submitted.
      • Credits can be earned in many ways, like writing research papers, attending seminars and conferences.
      • Failure to meet the certification requirements within the 3-year period shall result in its suspension for 1 year.
      • If the certification maintenance requirements are not met within the suspension period, CCISO period will become invalid.

      A good place to get this accreditation is Mercury Solutions Limited. Reasons:


      • More than 10 years of experience possessed by trainers
      • Facility to view recorded classes
      • More than 10,60,000 hours of sessions delivered
      • 40,000+ professionals’ trust
      • New Jersey, Dubai, Bengaluru, Pune, Gurugram- some of our locations.


    Possible areas in which courses can be done post CCISO Training:

    • Master of Science in Computer Security
    • Digital Forensics
    • Digital Security

    Enroll yourself in this course to be the digital chief of your company’s security.


    This content is brought to you by Mercury Solutions Limited, one of the best IT training companies in India. Mehar Ahluwalia, the founder, with a vision of making professionals’ careers more fulfilling, is dedicated to delivering world-class IT training programs and certifications to global participants.