Dan Glass
Speaker
INFORMATION
SECURITY
SMS Career Day
About Me
Vice President, Chief Information Security Officer (CISO)
NTT DATA
Other Interesting Positions:
Former CISO - American Airlines (AA)
Former Member of Technical Staff - AA
Co-Founder & Former Board Member - Aviation ISAC
Content Committee Member - Numerous Conferences
Advisory Board Member - Numerous Companies
Board Member - North Texas Performing Arts (NTPA)
My Work History
Over 25 years professional experience
Over 20 years in cybersecurity field
Over 10 years as a CISO
Over 10 years in technical IT and security roles:
network engineering
system administration
email management
code development
Started professional career as a financial analyst
Education
Master of Science - Information Management
Bachelor of Business Administration - Finance
Bachelor of Business Administration - Economics
Associate of Arts - Psychology
Certifications
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Manager
What is a CISO?
The CISO (chief information security officer) is a senior-level
executive responsible for developing and
implementing an information security program, which
includes procedures and policies designed to protect
employees, facilities, enterprise communications, systems,
and assets from both internal and external threats.
The CISO also procures cybersecurity products and
services and manages the enterprise disaster recovery
and business continuity plans.
What is a CISO? (take 2)
The CISO is responsible for managing a program and
teams that protect all the people, offices, computers,
applications, and information that a company uses.
What does a CISO do?
Develop, implement and monitor a strategic security
and IT risk management program
Work directly with the business units to facilitate risk
assessment and risk management processes
Develop a security management framework
Interact with related disciplines to ensure the
consistent application of policies and standards
Provide leadership to the security organization
Partner with business leaders to raise awareness of risk
management concerns
Assist with business technology planning, providing
future vision of technology and systems
CISO Qualifications
Advanced degree in business or a technology field
Minimum of 15 years of experience in a combination of
risk management, information security and IT jobs
Minimum of five years experience leading IT and
information security professionals
Excellent written and verbal communication skills and
high level of personal integrity
Innovative thinking and leadership with an ability to
lead and motivate cross-functional, interdisciplinary
teams
Experience with common information security
management frameworks
What's interesting?
I play "cat and mouse" with some of the smartest
people on the planet
I work with some of the brightest minds in the world
I think like a criminal in order to defend against them
I think through how protections impact the company
The environment is always changing due to technology
advancements and improved attacker techniques
Information security is the most intellectually
challenging and stimulating field in the world
What's uninteresting?
Meetings
Spreadsheets
Operational issues
So. Many. Meetings.
Budget cuts
Interpersonal conflicts
Did I mention meetings?
Security in a nutshell
Identify where security risk exists by ensuring the
company is adhering to security policies
Protect assets against attack and theft by deploying
security technologies that block bad stuff
Detect when security events occur by monitoring
events from every company system
Respond to security events by hiring a highly trained
team of experts that contain the event
Recover from security events by ensuring systems are
resilient and have backups
Jobs in security
Security Analyst: reviews information looking for
malicious activity
Security Consultant: reviews IT systems for security
design and adherence to policies
Security Engineer: builds and manages technical
security controls
Security Architect: designs security technologies and
policies
Security Manager: manages security functional teams
Security Director: leads a functional area of the
security organization
CISO: sets strategy and leads the entire security
program
Security technologies
Firewalls block unwanted network connections
Antivirus detects and blocks malicious software from
running on a system
Scanners probe systems looking for software
weaknesses that hackers can attack
Identity & Access systems ensure authorized people
get access to things and unauthorized people do not
Proxies monitor internet usage for known bad websites
and prevent malware from being downloaded to systems
Security event managers collect and analyze millions of
events that occur within a network each day
System management software configures computers
according to policies and can update components as needed
Salary ranges in security
Information Security Analyst: $61K - $180K
Information Security Consultant: $60K - $168K
Information Security Engineer: $74K - $182K
Information Security Manager: $88K - $206K
Information Security Architect: $70K - $180K
Information Security Director: $123K - $237K
CISO: $125K - $324K
Security field outlook
By 2025, it's expected that there will be 3.5 million
unfilled security jobs
The expected growth rate for the information security
field between now and 2031 is 35%
There are not enough skilled security professionals to fill
the open security roles within the job market
Technology & Security
Technology usage for security professionals varies widely
based on their specific focus:
Security Analysts use software to help aggregate large
data sets and pull in information from various systems
Security Engineers use programming and scripting
languages to automate repeatable functions
Security Architects use design software to visually
depict complex concepts and systems
Security leadership uses productivity tool suite apps
such as word processors, spreadsheets, and
presentation software
Of course, everyone uses email and chat
How to get a job in security
There is no single or straightforward path to a job in
information security, but there are things that are
considered prerequisites:
High school degree for entry-level roles
College degree for more senior roles
Advanced college degree for leadership roles
There are now degrees in cybersecurity, but they are not a
must-have to get a job. Here are some traits I look for:
Well-rounded liberal arts knowledge (history, science,
art, etc.)
A keen analytical mind with the ability to solve complex
problems with unique approaches
Technical skill within and outside the role
Quiz Time
www.kahoot.it
https://dan.glass/
Thank You!
mastodon:
@djglass@infosec.exchange
resume@hckd.me

Information Security Career Day Presentation
