Kodjo Hogan, M.B.A., CISSP, CCSP, Business Information Security Officer
AI GovernanceCybersecuritySecurity

The Thought Leadership Has Sailed

cxomagazine
By Kodjo Hogan, M.B.A., CISSP, CCSP, Business Information Security Officer

What Breaking Into Cyber Actually Looks Like in 2025 (And Why This May or May Not Be the Best Advice You’ll Get… Buuuutttttt It’s Probably Better Than Most!)

Caution: extreme nerd humor ahead. “Dova Kinh + Star Trek” references included.

This weekend, I was planning to kick back and revisit Tamriel, maybe conquer the Isle of Skyrim again. But instead of swinging swords, shouting “Od-Ah-Viing,” and riding my dragon companion victoriously off into the sunset, I found myself diving deep into AI, security, risk, and governance.

Now I don’t know what happened, but one minute I was neck-deep in Draugr, and the next, I was neck-deep in documentation, frameworks, and the evolving landscape of digital responsibility.

The Myth of the “Cool Tech Job”

As an information security professional, one of the most common questions I get is: “How do I break into cybersecurity?” I attribute that to Hollywood. The film industry has gone a long way in turning my job into the “cool tech job.” From the outside, people envision me staring at multiple giant monitors, rewriting code, and out-typing a nefarious hacker on the other side of the firewall, only to make it to SoulCycle at 6:00 PM. That’s not quite reality. Now, I think my job is cool, just not that cool. (Just in case you were wondering, a lot of my job is about communication and investigation, the very mundane and very normal people kind.)

My Non-Traditional Path

I came into this profession through a non-traditional path (Finance and Operations, for inquiring minds), so I had to stand out. I went left when others went right, studied hard, and “Fus Ro Dah’d” the CISSP exam into Aetherius. At the time, that made sense when fewer than 100,000 people globally held the certification. Now that number has nearly tripled, and the game has changed.

Timeless Advice: Go Where the Path Isn’t Marked

But the best advice hasn’t changed: go where the path isn’t marked. That’s where the real growth lives. Ford, Jobs, Gates, and more recently, Altman, Amos WinBush III and Huang all followed that principle.

Back then, it was CISSP. Today, it still starts with the fundamentals of Security+, Network+, or CySA+, and then progresses to CISSP, CISA, or CISM. But if you stop there, you’re missing the edge.

But here’s the good news: you can learn AI governance while learning security. The paths are converging.

The 2025 Edge: AI Governance and Risk

In 2025, the edge is AI governance and AI risk.

We’re in a moment where AI is being injected into every layer of business and technology. The reality is that AI isn’t replacing security; it’s multiplying the risks that need to be governed.

There are now over 100,000 job listings each year asking for skills in AI governance, ethics, and responsible deployment. These aren’t just for engineers. They span legal, regulatory, operational, and yes, technical roles. The New York Times recently outlined 22 new jobs AI is creating, and most of them are rooted in these areas: NYT article.

You Don’t Need to Be an AI Wizard

You don’t necessarily need to become an AI wizard, but you do need to be the person who knows how to build the scaffolding that allows AI to scale without causing harm.

The Hype Has Left Port, But Here’s What Remains

The hype wave of AI thought leadership has already sailed, loud, triumphant, and headed in every direction. But what’s quietly rising is the infrastructure that supports it: governance, policy, model risk, and responsible deployment (think Lower Decks; Boimler vs Riker). It’s not flashy, but it’s critical. And it’s where long-term impact lives.

Security isn’t shrinking. It’s evolving. The next generation of cyber leaders won’t just manage alerts; they’ll govern the machine.

Don’t Follow the Crowded Path

So, if you’re trying to break in or level up, don’t follow the crowded paths. Follow the overlooked ones. And if you’re already in cybersecurity and wondering what’s next, this is it.

No Mage Light. No Skill Book Shortcuts.

Keep in mind, this isn’t an overnight skill-up. You can’t cast Mage Light into the mountains outside of Solitude and hit level 100 in Alteration. You can’t read or reread a single skill book in AI Governance and hit legendary skill status.

But here’s the good news: you can learn AI governance while learning security. The paths are converging.

Let’s talk if this resonates. I’m still learning, too.