What CISOs Want – Career Tips from Jason Kichen
Curious, Driven, and Hungry to Learn
Successful cybersecurity careers start with a strong drive to learn the latest. According to Jason Kitchen, CISO of Tricentis, this trait of relentless curiosity is what separates adequate candidates from exceptional ones. Drawing from his experience leading a global security team, this article outlines what CISOs like Kitchen truly want—from the practical skills for key roles to the initiative that opens doors, regardless of your academic background.
If you’re studying cybersecurity right now, you already know how fast the field is evolving. Artificial intelligence (AI) is now writing code, testing systems, and analyzing security logs—tasks that once belonged entirely to humans.
Producing secure, reliable code is essential to preventing breaches and outages. One missed bug or vulnerability can ground airlines or halt business operations, making software testing truly mission-critical. But with nearly exponential hardware and software combinations to test, only automation and AI can keep up.
That’s the global challenge solved by Tricentis, where Jason Kichen serves as Chief Information Security Officer (CISO). Its software automates software testing and quality assurance on a massive scale, executing far more test scenarios than a human workforce ever could. Their customers range from nimble startups to Fortune 10 giants—each relying on Tricentis products to ensure their software is truly ready to release.
Kichen leads a large global security organization responsible for both protecting the company’s internal systems and ensuring the security of the product itself. His teams span Security Operations, Product Security, Governance and Compliance, and IT Operations—all under his direction as CISO.
“Doing Nothing Is Not an Option”
If there’s one piece of advice Kichen wants students to take seriously, it’s this: never stop learning.
“Doing nothing is not an option,” he said. “Technology moves too fast. You must constantly look for the next thing to learn.”
As an example, AI, is changing how attackers operate and how defenders protect our data. “Everyone needs to be able to speak intelligently about AI’s impact on the field of cybersecurity,” he said. “If you don’t have an opinion, it's a sign that you’re not staying current.”
Fortunately, there’s never been an easier time to explore new tech hands-on. Kitchen remarked about how accessible it is to stand up an MCP server, start up some agents, and run an LLM locally. Building a project like this shows that you’re curious, capable, and driven. Traits he wants on his team.
What Impresses a CISO
Whether early in your career or a seasoned professional, Kitchen wants to see your initiative.
“Basic resumes list jobs and responsibilities. That tells me you can fulfill assignments. Great. But outstanding resumes show that you went out of your way to do a project, build a thing, master a skill, or conquer a challenge. That’s what I’m looking for.”
Kichen says exploration is great when you’re getting started, but students should eventually narrow their focus.
“It’s fine to start by trying everything,” he said, “but at a certain point you must dial it in. Decide whether you want to be a SOC analyst, a penetration tester, or a product security engineer. Those roles need different mindsets that are cultivated through different kinds of activities.”
The Skills Behind Three Key Cyber Roles
1. Security Operations (SOC) Analyst
For analysts, Kichen values problem-solving and curiosity over memorization. “A SOC analyst’s job is to make sense of alerts that might mean something—or nothing,” he explained. “The best analysts go beyond the data presented to them and think about what else it could mean. That’s creative, non-engineering problem-solving.”
2. Penetration Tester
“A pen tester’s role is all about creativity,” Kichen said. “You’re tasked with testing and breaking into systems. There are usually multiple ways, and you may have to chain together various techniques. You need to think about efficiency, constraints, and results. It’s problem-solving as an art form.”
3. Product Security Engineer
“For this one, I look for people who’ve written software,” he said. “The best product security engineers are former developers. They know how code is built, which makes them better at finding vulnerabilities that creep in—whether written by a human or an AI.”
How Interview Questions Reveal a Mindset
When interviewing, Kichen uses questions that reveal how candidates think. One of his favorites: “When you press a letter on the keyboard, what happens between that and the letter being displayed on the screen?”
He’s not looking for a memorized answer—he’s trying to understand your level of abstraction. “If you say, ‘It creates a hardware interrupt on the CPU,’ that tells me you think about systems at a fundamental level,” he explained. “If you say, ‘I type a letter and it appears on screen,’ that tells me you’re thinking at a higher abstraction level. Neither is wrong, but it shows how you approach technology.”
Degrees Don’t Define Success
Kichen doesn’t equate education level with ability. In his experience, people with modest academic backgrounds can outperform those with advanced degrees if they have stronger curiosity, drive, and problem-solving abilities.
He is also a strong advocate for the community and technical college pathway. He views a candidate with a two-year degree from a local college and one from an Ivy League university on equal footing—until their abilities and initiative reveal the difference.
Studying for and passing an industry certification exam shows initiative and your ability to memorize. This is a start. But on top of that, one must demonstrate the application of knowledge through projects and active engagement with the cybersecurity community. “Don’t just attend cybersecurity conferences, see if you can give a presentation!” he recommends.
Internships and Initiative Open Doors
Kichen’s organization offers summer internships in both the U.S. and Europe, often in product and application security. Two of his recent hires were former interns. They were brilliant and eager to wrap their hands around the work.
Still, he cautions students not to wait for opportunities to appear. Go find opportunities. If they aren’t advertised, go create them. That’s what stands out—purposeful initiative that shows you’re excited about the work.
The Future Belongs to the Curious
Kichen predicts that AI and automation will continue to reshape cybersecurity roles—but not eliminate them.
The biggest differentiator for future professionals, he says, won’t be a degree or a certification—it’ll be curiosity.
“In this field,” Kichen said, “creative thinking still wins the day.”
