HOW TO BECOME A SECURITY DIRECTOR
Every IT department needs a top-level manager to oversee its security operations and personnel. You can become eligible for a position as a security director after many years as an auditor, penetration tester, or if you have experience elsewhere in the computer security field.
A security director is one of the leaders in the IT field. They are responsible for the maintenance and development of security protocols for a company's databases and networks. They are expected to write the rules and regulations for everyone on their team of dedicated security professionals who integrate security measures alongside the rest of the IT department.
They can ensure that security measures are taken when the network needs maintenance or during something as seemingly routine as a software upgrade occurs. At those times, a programmer might make a simple error that exposes a database, so the security team needs to be vigilant so that a security breach does not inadvertently occur due to simple human error.The director is also responsible for heading up investigations in the event of a security breach. Whether that breach is an accident from inside the corporate firewall, or a deliberate and malicious attack from an outsider, the director will be responsible for getting to the bottom of the problem. From that point, the director is responsible for devising solutions to the problem.
As a manager, a security director needs to hire a team that will best carry out the cyber security needs of the company or department. Training and employee development also falls into the lap of this manager, as will hiring and firing. Other management duties may include working with budgetary concerns for payroll and spending on new hardware and software.
When you rise to the level of security director, you will likely answer directly to a Chief Information Security Officer (CISO) or perhaps a Chief Information Officer (CIO). Your consultations with the CISO will often have a direct impact on the overall stature of the IT systems and operations in the company.
SECURITY DIRECTOR VS. SECURITY AUDITOR
Though seemingly very similar, a security director and a security auditor do very different jobs. In fact, they may work in the same department but the director functions as the supervisor.
The security auditor is responsible for monitoring the networks and databases on a daily basis, then preparing reports for the director to review. The auditor will need to do the nitty gritty work of combing through database log documents in search of an SQL injection, or if there is an instance of malware or a virus somewhere in the code. They will often defer to the director with tough questions and discuss the best methods for attacking a problem.
When a full audit of a large company is needed, the two may work more closely, but the director will often be called away for managerial meetings, or to review work. After the work of the audit is completed, the auditor and director might work together to create a presentation for the CISO and other top "C-grade" executives.
A security director will also need to delegate tasks and responsibilities to his or her security team. In fact, much of a director's job will be managerial rather than technical. After proving yourself in the cyber security field, you will be able to share the benefits of your experience and knowledge with your staffers, leading them as they continue to maintain the safety of the network.
POSSIBLE CAREER PATHS
The path to a position as a security director can take many specific forms, but it will be important to find your way into a security position as soon as you can. From your entry-level work, you can rise up to a full security position and then into management. Though corporate structures will vary, there is one final step after security director—CISO. Here is a general schematic of the tiers this career path moves through:
There are many titles for jobs that carry near-identical job duties as security directors. When you are ready to seek out a director-level job, make sure that you have adequate security training, experience and skills to match the job description of the position you desire. Some similar jobs may include:
- Deputy CISO
- Information Technology Security Director
- Senior IT Manager
- Senior Project Manager
ANNUAL MEDIAN SALARY OF
A security director is capable of commanding a significant salary. In 2016, the U.S. Bureau of Labor Statistics found that the median salary for an Information Systems Manager was $135,800 a year. Furthermore, they say that the growth rate for this job description is expanding at 12 percent, which is much faster than the average for all other career fields.
In order to become a security director, you will need to have a lot of experience performing security audits. Most managers spend approximately 10 years in IT prior to receiving this promotion.
Your education will need to be at least a bachelor's degree, but a master's degree in computer science, cyber security or information technology will help you advance. Other education that might help include an MBA, professional security certifications and masters-level certificates in cyber security.
Your technical skill set needs to include these tools:
- C,C++, C#, and PHP or Java coding languages
- Firewall protocols
- Windows, Macintosh, Unix, and Linux operating systems
- Knowledge of ethical hacking practices
- Familiarity with third-party audits
- Excellent written and oral communication
- Leadership ability