How to become a CISO (Chief Information Security Officer) — the executive cyber role responsible for organisation-wide security strategy. UK comp: £150k–£400k+.
Build T-shaped depth: one deep specialism (architecture, GRC, IR, appsec) plus broad exposure.
Own the security function under a CISO; manage 5–25 staff; lead board updates.
End-to-end ownership; report to CEO or CTO; manage budget £1–10M.
Board accountable; multi-region team; £20M+ budget; regulator-facing for FCA/PRA/ICO/NCSC.
Both work. Engineering-route CISOs lean technical and are common in tech/fintech. GRC-route CISOs lean operational and dominate banking/insurance/healthcare. Best CISOs deliberately rotate through both before the seat.
Yes — booming market. Typical engagements are 1–3 days/week per client across 3–5 clients; £150k–£300k portfolios.
Optional. Helps for FTSE-100 / bulge-bracket seats; unnecessary at SMB/mid-market. CISSP + CISM + a clean board-comms track record outweighs the MBA in most CISO searches.
26 months globally; 30–36 months in the UK. Burnout, post-breach exits, and competing offers all drive churn.
Get a personal gap report, AI Career Twin and practice keyed to your target band.