Business acumen--at a whole new level
"The biggest issue security folks are dealing with right now is that in the past they've used their peer group of security pros to be their benchmark of what their skills should be," said Kushner. "Now that benchmark is really the executive team."
While you may be an expert in application security, comparing yourself to a group of application security professionals will only keep you in application security and won't get you elevated to management, explained Kushner.
"You have to compare yourself to other people who are sitting in the boardroom. Many security folks say 'I don't get a seat at the executive table.' But the truth is they're not getting a seat at the executive table because the other executives aren't convinced that they deserve a seat."
Kushner recommends building skills and undertaking career investments that will enable you to be seen in that executive light. Understanding the key components of the organization -- not just its security--is what will get you noticed. Learn what external factors the organization is dealing with, the obstacles it faces in the market that go beyond security and risk.
"Most security folks think they have business skills. But the way a security person defines business skills, and the way the CIO or the CFO or another C-level person defines business skills are probably two different things."
Communication ability--including the skill of listening
"In order for a security program to be implemented correctly you have to be able to get that message to everyone," said Kushner. "Everybody has to develop some kind of security conscience."
Kushner points out that listening skills may be even more important than speaking in the first stages of communicating with others throughout the organization.
"Understanding people and cultures is such a skill. Most people neglect that skill," he said.
For example, you won't communicate with the technical operations team the way you would with a business leader.
"Figuring out the different languages and figuring out how to translate what you're doing into a language that they respect and understand is big," said Kushner.
"Effective communication from a security leader means having a broader knowledge base, understanding the competing interests of the business, and making sense of it."
Leadership skill--no matter your current position
Of all the skills today's employer is looking for from their CISO or security manager, it is leadership, according to Kushner. And many companies may be hiring a CISO because they are seeking change within an organization and they want a CISO who can drive their security in a new direction.
Sign up for CIO Asia eNewsletters.