Becoming a CISO: Formal and Informal Requirements

Key Message: The Chief Information Security Officer (CISO) is responsible for establishing and maintaining the enterprise program to ensure information and related assets are protected and sustained.

Executive Summary

Whether you are a CISO, CISO equivalent, or have another title with organizational cybersecurity responsibilities, the role you play in your organization to protect and sustain the key information and technical assets needed to achieve the mission is critical in today’s landscape of data breaches, nation-state hackers, and increased threats to the business.

In this podcast, Darrell Keeling, Vice President of Information Security and HIPAA Security Officer at Parkview Health, discusses the knowledge, skills, and abilities needed to become a CISO in today’s fast-paced cybersecurity field.


As a graduate of the Carnegie Mellon University (CMU) Heinz College CISO Executive Education Program, Darrell shares with us his journey through the program. He provides key takeaways and tells us how the program helped him advance his capabilities as a cybersecurity executive.

Role of a CISO

The role of a CISO is needed in all organizations regardless of the size or type of business. Every organization needs someone who can take a holistic, business-based approach to manage the risks that would have the most impact on meeting strategic objectives.

Whether the CISO role comes from the technical ranks or the business side of an organization, the main skill needed is the ability to explain the cybersecurity issues in business language and demonstrate the value of the risks that are being managed by the CISO’s team.

CMU Heinz Differentiator

The differentiator that led Darrell to choose the CMU Heinz College CISO Program as his formal education in the cybersecurity space was knowing that the students are provided training courses, lectures, and discussions followed by a practicum that has the students apply the knowledge to find a solution for an organization that has been impacted by cybersecurity issues.

Many of the other executive programs in this space are one or two weeks long. The Heinz program is six months long, which allows for more time to understand how to build technical acumen as well as translate that technical knowledge into business solutions.

In addition to the weekly virtual lectures, students also work together in small groups, led by a coach, to put together a solution to a case study that is presented to a mock board of directors as a capstone activity. This immersive, interdisciplinary program allows students to build relationships with the faculty, coaches, mentors, and other students that persist long after graduation.


CISO Certification Program

News Release: Carnegie Mellon Launches CISO-Executive Education and Certification Program

Copyright 2016 by Carnegie Mellon