C-suite career advice: Jim Richberg, Fortinet

What tips would you give to someone aiming for a c-level position? “Be strategic! Identify problems and bring solutions… Be a problem solver, i.e., Here is a problem and here are three things we could do to address it.”

Headshot of Jim Richberg, Field CISO at Fortinet
Fortinet

Name: Jim Richberg

Company: Fortinet

Job Title: Field CISO

Location: Leesburg, Virgina

Jim Richberg is a Fortinet Field CISO focused on the U.S. Public Sector working to bring cybersecurity solutions to industry and the public sector following a 30+ year career driving innovation in cyber intelligence, policy and strategy for the United States Government and international partners. He served as National Intelligence Manager for Cyber and the senior Federal Executive focused on cyber intelligence within the $80+ billion U.S. Intelligence Community (IC) annual operating budget. He was the Senior Advisor to the Director of National Intelligence (DNI) on cyber issues and set collection and analytic priorities for the IC's 17 departments and agencies on cyber threats. 

What was the most valuable piece of career advice that you received? If someone in management asks you to take an assignment or try something new in your organisation, do it.

What was the worst piece of business advice that you received? “No”—you shouldn’t apply for that job/you’re not competitive (or there’s already a preferred candidate). I asked someone else, who said “Go for it”—and I applied and got the job. It’s about a batting average—you’ve got to swing for the fences to hit a home run.

What advice would you give to someone starting their career in IT? Be flexible—roll with the punches. See #1 above. Another piece of advice I’d offer is that while it’s nice to have a vision or a goal, if you pursue it rigidly, you foreclose other opportunities. IT is too fluid and changing too rapidly to be locked in *now* on what you want to accomplish and where you want to be even 10 years from now, much less at the end of a career.

Did you always want to work in IT? No! And I only spent - at most - half of my U.S. government career working in things that could be described as IT, even using a loose definition. I did everything from work in a data centre mounting hard drive disks to catching war criminals and writing political analysis. Even when I was doing something you’d call IT, much of it was atypical—running offensive cyber operations or building insider threat capabilities and whole-of-government cybersecurity programs

What was your first job in IT? A combination of freelance tech writer and beta tester—testing a project management suite and writing the user manual. At the same time, I became the part-time LAN administrator and close support tech for my department at Stanford University, all while being a full-time Ph.D.student in that same department.

What are some common misconceptions about working in IT? That it’s purely technical. Folks with strong social skills can be more effective in jobs such as the help desk or even parts of cybersecurity than someone with strong technical skills and minimal “people skills.”  Common sense and creativity are more important—and they can’t be taught, but they can be nurtured through practice and mentoring.

What tips would you give to someone aiming for a c-level position? Be strategic! Identify problems and bring solutions. Your boss doesn’t want you to dump a problem in his/her lap. Be a problem solver, i.e., “Here is a problem and here are three things we could do to address it.

What are your career ambitions, and have you reached them yet? I’m on my second career, so this is “extra credit.” In government, I was a senior executive, equivalent to a three-star military officer. I set priorities and led activity across 17 organisations and a workforce of 100,000 people. I’ve debated with heads of state, had the satisfaction of knowing that my work saved lives, and I worked on some fascinating projects that make Mission Impossible look tame. Working as a CISO at a leading global cybersecurity provider and helping executives and organisations understand and solve their problems is an extension of what I’ve been doing for most of my career.

Do you have a good work-life balance in your current role? Yes, as long as I keep myself disciplined. I’ve been in jobs where the pace and stress literally worked people to the point of death or disability. I very nearly was one of those statistics, so I take time every day for an intense workout and at least an hour to do something for relaxation. And I try to avoid working weekends.

What, if anything, would you change about the route your career path has taken? My career was atypical. I worked in a place that was hard to get into (the CIA) but that offered an extraordinary breadth of opportunity and wanted to give its employees opportunities to do whatever was rewarding to them and useful to the organisation. Some chose to specialise in a single topic and become world-class experts; others moved around and did a variety of different things that, outside of that environment, would usually have meant changing jobs as well as occupations. I chose that latter path and tended to take a new assignment every three to four years. And I only initiated two or three of these new job assignments; the rest were the result of rising internally within a section of the organisation or being asked by leadership to tackle a specific problem. For part of my career, I felt like a Forest Service “smokejumper” being parachuted in wherever things were hottest. So, my moves were all within the same organisation, compared to the paradigm of switching companies whenever you wanted or needed to change jobs. I enjoyed this career path, so I wouldn’t change a thing.

Which would you recommend: A coding bootcamp or a computer science degree? The classic intelligence analyst’s answer is “that depends.” It depends on your goal and the job you are aiming for.

A computer science degree will give you a broader perspective, both technically and in terms of substance—and it represents your ability to commit to and complete a project over the long terms (four years or more). But frankly, that’s not a realistic plan for everyone, nor required for a lot of jobs. Many employers want their employees to start fully trained and ready to hit the ground running in terms of accomplishing the job they have been hired to do. And that can be more readily done through a focused bootcamp. Some of these bootcamps can even be done online. So, it comes down to whether you want to commit to a short and intense learning experience (a bootcamp) or a longer period with more diversification. You almost certainly have more options with the computer science degree, but it takes more time and money, and frankly, getting your foot in the door can be accomplished in many cases by the more focused boot camp.

In terms of the computer science degree, many folks are hung up on the name and the reputation of the school they choose, and this had made those schools extremely competitive (and expensive). In my experience, where your degree is from can be a factor in getting your first job and possibly your second—but by that time, the focus has already begun to shift to what you have accomplished rather than where you went to school.

How important are specific certifications? They vary with the job and your level. Certifications are a way of validating experience and demonstrating competence. For example, if you are in security, having a CISSP is customary. If you don’t have one but you’ve got plenty of related real-world accomplishments, that can actually be more useful in showing value. But having a certification can be useful in helping you get through the initial screening during the hiring process—some certifications may be called out as requirements and conditions for even applying.

What are the three skills or abilities you look for in prospective candidates? Critical thinking. Can you not only solve a problem, but think strategically to see the bigger picture?

Communication. Even in highly technical jobs, you usually have to be able to communicate verbally and in writing with teammates, managers and often customers or external partners. You don’t have to have the written skills of an author or the verbal acumen of an after-dinner speaker, but you need to be able to make yourself understood efficiently and effectively.

Motivation. Even in an entry-level position, you want someone who you feel will be a self-starter rather than someone who will need to be micromanaged. If this is your first job and you don’t have a track record you can point to, this kind of attitude and commitment is something you can try to convey during the interview by being engaged and making it a two-way conversation.

What would put you off a candidate? If they don’t want to listen to me! Nervousness is one thing, but when a candidate wants to use the introductory “meet and greet” part of an interview as their opportunity for a protracted monologue, that’s off-putting.

What are the most common mistakes made by candidates in an interview? How can those mistakes be avoided? Lack of curiosity—this is your opportunity to interview the interviewer. If they are a subject matter expert in your area, ask them questions about the job, key challenges, etc. If they are generalists or from HR (as at the start of a multi-round interview process), ask them about the company and culture—what they say and whether it feels scripted or sincere can tell you something about the company and your potential future colleagues. I usually end an interview by asking the candidate if they have any questions for me—if they say “No” I usually see that as a sign of disinterest or a lack of preparation.

Do you think it is better to have technical or business skills – or a mix of both? It depends on the job. You have to have the basic knowledge to do the job, but a proven capacity and interest to learn is usually more important. Given the pace of change in technology, specific skills age quickly—you need to be able to adapt. Even if you are applying for an engineering job, it is probably going to be more valuable to be able to apply basic STEM skills and show that you can do problem-focused analysis and project management, rather than that you have mastered a specific technical niche. There are always exceptions—for instance, someone who is recruited for their mastery of a specific technical specialty, but in general even hard-core technical jobs more often involve leverage broad skills. And usually, the higher you ascend in any field, the less hands-on technical knowledge you usually need to bring to bear.