Special thanks to the Rochester Institute of Technology for their great hospitality. It was great to speak to young Cybersecurity enthusiasts. Your feedback is very valuable to me and I promise this time in writing that I will continue to deliver free webinars, and I will keep my blog up to date as much as possible.
Seeing the young generation really interested in Cybersecurity is giving me confidence we can unite and stop the Cyber crime, and make the internet safer. We are better together .
Rochester Institute of Technology
The Rochester Institute of Technology (RIT) is a private research university in Rochester, New York. It was founded in 1829. It is one of only two institutes of technology in New York state, the other being the New York Institute of Technology.
RIT enrolls about 19,000 students, of whom 16,000 are undergraduate and 3,000 are graduate students. These students come from all 50 states in the United States and more than 100 countries. The university has more than 4,000 faculty and staff. It also has branches abroad in China, Croatia, Kosovo, and the United Arab Emirates. The university is classified among “R2: Doctoral Universities – High research activity”
CISO Insight
Some of the best conversations I have had about cybersecurity happen not at enterprise conferences but at universities. Students ask questions that seasoned professionals have stopped asking, and that fresh perspective is invaluable. Investing time in the next generation of security professionals is not charity — it is strategic workforce development for an industry facing a critical talent shortage.
The Cybersecurity Talent Gap: Why University Engagement Matters
The global cybersecurity workforce gap stood at approximately 4 million unfilled positions in 2024, according to the ISC2 Cybersecurity Workforce Study. That number has not materially improved. For CISOs trying to build and retain security teams, the pipeline problem starts at the university level. Students graduating with cybersecurity degrees often lack exposure to the practical realities of enterprise security — how GRC intersects with technical controls, how to communicate risk to business stakeholders, and what the day-to-day of a security operations centre actually looks like.
This is precisely why engagements like the Rochester Institute of Technology community meetup matter. When working practitioners share their real-world experience with students, it bridges the gap between academic theory and operational reality. It also builds the professional networks that students will rely on throughout their careers.
What I Share with Cybersecurity Students
When speaking at universities, I focus on three themes that students rarely hear in their coursework. First, cybersecurity is a business function, not a purely technical discipline. The most successful CISOs I know spend more time in boardrooms than in front of security dashboards. Second, soft skills — communication, negotiation, and stakeholder management — are as critical as technical certifications. Third, the career path is not linear. Many of the best security leaders I have worked with came from networking, development, audit, or even non-technical backgrounds.
Building a Cybersecurity Career in 2026
For students and early-career professionals reading this, the landscape has shifted dramatically. AI and automation are transforming security operations, which means the roles that will be most in demand are those that require judgment, creativity, and strategic thinking — exactly the skills that cannot be automated. Focus on understanding risk management frameworks, learn to articulate technical concepts in business language, and build a portfolio of hands-on experience through labs, capture-the-flag competitions, and internships. Certifications like CompTIA Security+, CEH, and eventually CISSP remain valuable signals, but they are entry tickets, not differentiators.
Frequently Asked Questions
What degree do I need to become a CISO?
There is no single required degree. Many CISOs hold degrees in computer science, information technology, or cybersecurity, but backgrounds in business, law, and even liberal arts are increasingly common. What matters more is a combination of technical depth, business acumen, and demonstrated leadership ability developed over 8 to 15 years of progressive experience.
How important are cybersecurity certifications for career advancement?
Certifications are important but not sufficient. They demonstrate baseline knowledge and commitment to the field. For leadership roles, certifications like CISSP, CISM, and CCISO signal credibility, but hiring managers increasingly value demonstrated experience, published thought leadership, and a track record of managing security programmes over certification counts alone.
What is the best way to get hands-on cybersecurity experience as a student?
Participate in capture-the-flag competitions, contribute to open-source security projects, build a home lab for practising with tools like Splunk, Wireshark, and Metasploit, and seek internships at organisations with mature security teams. Many universities also offer security operations centre simulation courses that provide realistic incident response experience.
Related reading: For a comprehensive guide on cybersecurity career development, visit our Become a CISO career roadmap or explore the CISO Career Hub for mentorship resources and industry insights.