Doctorate Graduation speech
I had a dream, a dream which was not so easy to reach; I planned
I had to take the necessary steps to achieve to my goal; I acted
There were times where I felt alone, where I thought I will never go through, I had some negative feedback which I needed to address, times I fall;
I learned from all those to move forward, learned from my mistakes
Finally, at the end I am “Dr “, I made it.
Today, when I look back, I know nothing happens without dreaming, without taking the first step, without checking the progress and learning from your mistakes.
Today from my speech, if you wanted to walk away with one thought, I would say “never give up” regardless how tired you are, how many times you fail. Stick to your ambition, to you goals and ACHIVE IT. I know YOU CAN, because I just did it, and I just shared my “secret(!) recipe
If you study hard you will be free from ignorance…
Good luck
Dr. Erdal Ozkaya
Higher Degree Candidate News – Charles Sturt University ( CSU)
https://bjbs-news.csu.edu.au/2018/10/31/hdr-candidate-news-november/
Linkedin :
https://www.linkedin.com/pulse/my-doctorate-graduation-speech-dr-erdal-ozkayaF
More from Charles Sturt University
https://www.erdalozkaya.com/charles-sturt-university-certificate-of-appreciation/
Dr Erdal Ozkaya Doctorate Graduation speech
CISO Insight
A PhD in cybersecurity is not about the title — it is about developing the research discipline to separate what we think we know from what the evidence actually shows. In an industry flooded with vendor marketing and fear-driven narratives, the ability to critically evaluate claims and build knowledge from primary evidence is one of the most valuable skills a security leader can possess.
Why a PhD in Cybersecurity?
Completing a doctorate at Charles Sturt University in Australia was one of the most formative experiences of my career. My research examined the relationship between social media usage and corporate security risk — a topic that was considered niche when I started but has since become a central concern for every enterprise security programme. The discipline of academic research — formulating hypotheses, designing studies, collecting and analysing data, and defending conclusions before expert reviewers — fundamentally changed how I approach security strategy.
The cybersecurity industry has a peculiar relationship with academic research. On one hand, some of the most important advances in cryptography, network security, and threat modelling have come from university research labs. On the other hand, many practitioners dismiss academic work as too theoretical or too slow to be useful in a field where the threat landscape changes daily. The truth, as usual, lies somewhere in the middle. Academic rigour applied to practical problems produces insights that vendor-sponsored whitepapers simply cannot.
Lessons from the Doctoral Journey
Several lessons from the PhD process have proven directly applicable to my work as a CISO. First, the importance of evidence-based decision making. When evaluating a security investment, I apply the same critical thinking framework I used to evaluate research literature — what is the quality of the evidence, what are the potential biases, and what alternative explanations exist? Second, the ability to synthesise large volumes of information into a coherent narrative. A CISO who cannot distil a complex security situation into a clear recommendation for the board is as ineffective as a researcher who cannot write a compelling abstract.
Third, and perhaps most importantly, the PhD taught me intellectual humility. The more you study a topic in depth, the more you realise how much remains unknown. In cybersecurity, this translates to a healthy scepticism towards anyone who claims to have all the answers and a bias towards building resilient systems that can adapt when our assumptions prove wrong.
The Value of Academic Credentials in Security Leadership
Does a CISO need a PhD? Absolutely not. Many of the best security leaders I know have no advanced degree. But for those considering it, a doctorate develops three capabilities that are difficult to acquire elsewhere: the ability to design and conduct original research, deep expertise in a specific domain, and the credibility to engage with academic and government research communities as a peer. In my case, the PhD opened doors to NATO advisory work, journal publications, and university teaching roles that would have been difficult to access otherwise.
Frequently Asked Questions
Is a PhD necessary to become a CISO?
No. Most CISOs hold a master’s degree or equivalent professional certifications. A PhD is valuable for those who want to contribute to academic research, engage with policy development, or build credibility in advisory roles that require demonstrated scholarly expertise. The typical CISO career path prioritises progressive operational experience over academic credentials.
What did your doctoral research focus on?
My PhD research at Charles Sturt University examined how social media usage patterns within organisations create or amplify information security risks. The research investigated the intersection of human behaviour, corporate policy, and technical controls — a topic that remains highly relevant as organisations grapple with insider risk and data loss prevention in an era of widespread social media use.
How long does a cybersecurity PhD take?
A typical PhD in cybersecurity takes 3 to 5 years of full-time study, or 5 to 7 years part-time. Many security professionals pursue their doctorate while working, which extends the timeline but enriches the research with practical experience. The key is choosing a research topic that genuinely interests you — the persistence required to complete a doctorate demands intrinsic motivation.
Related reading: For guidance on building a cybersecurity career, visit our Become a CISO career roadmap or explore the CISO Career Hub for mentorship and professional development resources.