While you enhance your security and business skills, you can work within your own organization to prepare for a career transition. Here are some ideas from a panel discussion at the 2006 RSA North America conference about becoming a CISO:
Learn to collaborate with other departments to integrate and appreciate other roles. According to an Auburn University study, "Managerial Dimensions in Information Security: A Theoretical Model of Organizational Effectiveness", implementing information security programs requires exceptionally high levels of "task interdependence": Respondents said 62 percent of their daily tasks depended on the exchange of information or cooperation with others.
Take the value-added approach by learning how to align your responsibilities and accountability with each department's business goals. Look at the big picture - the goals and focus of the organization. Think in terms of the overall business, and know the impact you have on it and how what you do creates value for the organization. Communicating the value of information security will help in building a spirit of cooperation throughout the organization.
Develop your own circle of trust within your organization with representatives from each department to help promote mutual understanding, appreciation and teamwork. When more people agree with you, you gain credibility. Eventually, executives will learn about your group and recognize the value in consulting you.
Engage executives in conversation so they can get to know you and learn to trust you. These conversations should be succinct but meaningful, using business terms, not "geek speak" or acronyms. Determine how you can add value to their goals, then make your case as to why you should be consulted or included in a meeting.
Offer executive and user security-awareness training on security threats affecting home offices and present prevention techniques. Executives will see the difference you make to their home computers or networks, and that builds their trust in your ability to make recommendations for the business's networks.
Learn to balance opportunity risks. Many executives perceive security staff as inflexible, so they don't want to invite them to strategy meetings. Be flexible in balancing security risks with business processes that help the organization meet its goals.
So, would you like to be a CISO? Are you willing to step away from some of the technical aspects of information security? If the answer is yes, keep up to date with your technical knowledge and certifications, and learn business language and softer communication and presentation skills. Develop relationships with executives so they are aware of your knowledge and skills, will begin to trust you and will see you as a good choice for a C-level position.
Rolf Moulton is a CISSP-ISSMP, president and interim CEO of ISC2. He can be reached at rmoulton@isc2.org