HOW TO BECOME A SECURITY MANAGER
A security manager is an IT professional who has likely seen and done it all. They have been through scores of technical and systems audits, have amassed higher education and skills, and are able to delegate resources and authority to other employees as it best suits their company's needs.
As a security manager, your job will be more managerial than technical. You will need to organize a team of professionals who can get the job done efficiently and correctly. You will work with them to create strategies for security protocols and audits. They will carry out your policies and procedures for corporate computer security to ensure that the company does not fall victim to corporate crime.
If a security breach does occur, you will need to head up a forensic investigation and then perform a thorough audit to assess the weaknesses in your systems. Then, it will be imperative to direct your team towards solutions that will ensure that future breaches do not occur. Another of your responsibilities will be to stay current with trends in cyber security. You may also want to consult with law enforcement professionals who specialize in cyber crime. The more you know about how the bad guys are creating and using malware or other tactics, the safer your databases will be.
Your days will be spent conducting tests and performing other assessments of new security software that you will be responsible for selecting and installing. You will need to know how to best manage a given budget for these items while maintaining a diligent watch over other budgetary concerns such as departmental payroll, hardware costs and expenses and incidentals that occur during a budget cycle.
Since you are a manager, you will be asked to do the hiring and firing for your security team. You will also need to be adept at working with employees who are having a difficult time, as well as being supportive when employees have a breakthrough moment in their lives—such as graduation from a master's degree program. The best managers are good communicators and their style will often be carried down through the department as an example of effective leadership.
If you work in a governmental agency or if you are a government contractor, you will need to make sure that your staff receives the appropriate security clearances for the work you are doing. You and your department may need to meet the same level of scrutiny as those in the military or Homeland Security.
SECURITY MANAGER VS. CHIEF INFORMATION SECURITY OFFICER (CISO)
If you are in a large company or agency, you might work as a security manager and have a CISO above you. Often this will be the case if there is more than one security department, or if there is one large department with multiple divisions, such as in a multi-national (or even multi-state) corporation.
In these types of situations the security manager might oversee a single department of between five and 25 IT professionals. Each manager would then answer to the CISO, whose responsibility would extend to oversee the entire security complex.
As such, the CISO would likely have risen through the IT ranks through a mid-level managerial position and finally arrive at the top of the security pyramid. The CISO's duties would mirror that of the manager he or she oversees, but on a larger scale. They would need to manage large budgets and hire other management-level employees. The CISO will set the tone for the entire department, and will need to maintain morale for everyone down to the entry-level network administrators.
EXAMPLE OF A CAREER PATH
There is no clear-cut path to being a security manager, but there are tiers of responsibility that apply to nearly every IT department. Starting from an entry level position, you will need to make sure that you are working in a security department, or that your job duties entail security protocols.
In the field of information technology, there are many jobs with virtually the same duties and descriptions but different names. When you have earned enough experience and garnered the skills to rise to a mid-level management position, start looking for jobs with these or similar titles:
- Systems Security Director
- Information Security Manager
- Information Systems Manager
- IT Security Director
- Systems/Applications Security Manager
ANNUAL MEDIAN SALARY OF
Information Security Manager
Experts in the field of computer security are in great demand and in these periods of high demand, professionals can also command high salaries. According to the U.S. Bureau of Labor Statistics' current Occupational Outlook Handbook, the median annual salary for an information security manager is $146,360. The job outlook for the field is quite positive too, with projections showing a 11% growth through 2028—a figure the BLS states is much faster than average.
To become a security manager, you need to have approximately 10 years of experience in computer security. You will need to meet a minimum education requirement of a bachelor's degree with additional certificates. If you want to progress past a security manager position, you will likely need an MBA that focuses in IT security. This will help you get noticed for senior and CISO roles in your company or agency.