If you can't land a security-centric job right away, you can get some basic training by lining up IT roles that provide some exposure to security functions like intrusion detection or application testing. And you can raise your profile as a security expert by sharing security information and recommendations with your colleagues. If you do that, people will come to respect your opinion and will eventually start to rely on your expertise, says Mondo's Leighton.
"Most companies don't have a security engineer -- most have a systems administrator that they hope takes care of the security aspect," Leighton says. "By bringing information to the CIO and making recommendations, you position yourself as the resident expert."
Sign up for CIO Asia eNewsletters.