Why and How to Become a Security Director
This is the type of job that may call a really senior level position. As a security director, you are expected to oversee the entire security measures within your organization such that you make sure everything is going on the right track in terms of cybersecurity. In fact, you are the big boss of security in your organization, similar to or even the same as a Chief Information Security Officer (CISO) in some small organizations. You will be in charge of every single aspect of cybersecurity from budgets to staffing to security protocols to incident response.
A security director actually has a bunch of responsibilities according to his high-level authority within the organization. Most of the responsibilities that you may face on a daily basis whilst your work as a security director are given in the following list.
- All the IT security programs, projects, and departments are all supervised by the Security Director in the first place.
- You are responsible for making your calculations accurately to ensure that all the resources are allocated to the maximum efficiency within the IT security departments of an organization.
- You should also define all the security policies that should be applied in your organization and implement them along with planned security procedures.
- You should always make sure that all the processes of IT systems development are integrated with the defined security policies and strategies for information protection.
- You should always be aware of any security vulnerabilities that exist within your organization’s network and host systems. You should also keep monitoring the threats and events occurring inside these systems.
- You are completely responsible to organize the way in which the organization is to handle any security incident through setting a clear strategy to respond to such incidents and perform forensics investigations afterward. Furthermore, all the security investigations are to be directed by you using your strategies and you should be the focal point to refer to whenever help is needed by security teams.
- Financial matters are also considered one of your main focal points when it comes to cybersecurity procedures that the organization would undertake. In fact, you should always make cost predictions of every step or project that is about to be performed in the cybersecurity departments. You should also estimate the costs needed for maintenance of all the security assets owned by the organization.
- You play a vital role in the tasks of strategic planning to help the organization deploy an information security tool or enhance a program or so.
- It is your responsibility as a security director to always check that security policies, procedures, and protocols are all followed by technical teams in the organization in their different operations.
- You should be an actual leader to all the staff working under you in the position hierarchy. This means that you should always hold different trainings for them, provide assistance whenever needed, and enhance their leadership skills such that they are able to take up the ladder of position to higher managerial positions in the short and long run.
- You should always design and implement education programs that aim at raising user awareness and security compliance.
- You should always report to the executive management with appropriate documentations and senior level technical reports.
- You should always make sure that the security tools and practices are legal, following both regulatory and local organizational requirements.
- It is also your role to hire new staff for security positions, review the current staff’s performance, and fire whoever not worth it.
Finally, in the position hierarchy, it is typically the case that your immediate supervisor is CISO.
Working for a top level managerial position like a security director is of course attractive and seems sexy. However, remember that this means that you should be willing enough to spend the time and effort in some other information security jobs in order to get you prepared for this critical position. Such jobs that you could start your career in information security are given in the following list.
- Security Administrator
- Network Administrator
- System Administrator
After you get the sufficient knowledge and experience from one of these jobs, you should then consider some other information security jobs that are more specialized into the field. Examples of these jobs are:
- Security Specialist
- Security Analyst
- Security Engineer
- Security Consultant
- Security Auditor
After getting the experience in one or more of these jobs, then you should seek one of the senior level jobs from the following list.
- Security Manager
- IT Project Manager
- Security Architect
- Security Auditor
Then the big boss position that you may think of after that is Chief Information Security Officer (CISO).
In fact, you will rarely see the position of Security Director posted in a job posting anywhere. It will be referred to in many other terminologies such as:
- Deputy CISO
- Information Security Director
- Senior IT Manager
I think it is also worth mentioning that a security architect job role may be similar to the job of a security director, yet the security director is of a higher level of management than a security architect. Also, a security director is more into the business processes more than a security architect.
There are two categories for this job as a security director according to PayScale.
- Director, Computing/Networking/Information Technology (IT) Security: for this job category you should expect an average salary of $104,775. The minimum payment for this job is generally $66,732 per year while the maximum payment is $175,162 per year.
- Security Director, Computing/Networking/Information Technology: for this job category you should expect an average salary of $116,245 which is quite higher than the average salary of the first category. The minimum payment for this job is generally $67,563 per year while the maximum payment is $179,608 per year.
It is of course the case that total pay figures include your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Technically speaking, you mostly will not be able to become a Security Directory unless you climb the ladder up starting from other lower level information security position. To go through these positions, you will need a bachelor’s degree in Computer Science, Cyber Security or a related technical field. For sure, if you carry a master’s degree in a relevant field with a concentration in IT security, this would be a privilege for you over other candidates for the same position, especially when it comes to large scale organizations. Finally, it is always advisable that you never settle down and keep on gaining more and more professional certifications in IT security and keep on training in the field as well.
I would say that you should not expect yourself a Security Director in an organization before spending at least 7 years in the field of IT and security. Particularly, of these years you should spend at least 5 years on some security management positions, managing operations and teams in the cybersecurity domain.
Since you are in a senior level position, you should be really knowledgeable of many security tools and solutions and understand them theoretically as well practically. There are a bunch of technical skills that you should have before thinking of applying to become a Security Director. The following list attempts to mention most of the technical skills that you should be having for the position.
- You should be aware of both the architectures of enterprise and security.
- You should also be knowledgeable of practices and methods when it comes to IT strategy.
- You should have a solid background in computer networking concepts from a security perspective such as DNS, authentication, VPN, proxy services and DDOS mitigation technologies. Also, experience with TCP/IP, routing and switching is necessary.
- You should be comfortable when dealing with frameworks like ISO 27001/27002, ITIL and COBIT.
- You should be experienced with the common compliance assessments such as PCI, HIPAA, NIST, GLBA and SOX.
- You should definitely be comfortable when dealing with both Windows and Unix like operating systems.
- You should have hands-on experience working with different programming languages like C, C++, C#, Java and PHP.
- You should be standing on a solid ground when it comes to protocols that deal with intrusion detection, intrusion prevention, and firewalls.
- Knowledge of the concepts of practices for secure coding is also essential. In addition, you should be experienced with techniques for ethical hacking and threat modeling.
- You should be aware how network security architecture can be defined and further developed.
You should gain knowledge along the way of the rules and methodologies used for third part auditing and cloud risk assessment.
First of all, you should know how to be a real leader. This position involves a great of management procedures, making leadership skills really necessary for it. For example, you should be a model for prioritization, coordination, collaboration, facilitation, organization, etc. Consequently, oral and communication skills make all the difference for an employer who wants to see that a candidate is not just solid on a technical background but he knows how to communicate with both CEOs of the organization and the staff under him in hierarchy.
The ability to work under stress, having a strict deadline and with limited resources to finish a project is also an important skill that employers want to see in their potential candidates. Finally, your problem-solving skills are really essential and your abilities to be process oriented individual are really praised and recommended.
It comes without saying that a security director has to be carrying some professional certifications before getting accepted in the job. In fact, any top managerial position makes it necessary to be carrying some certificates beforehand. For this particular position, the mostly required certifications are both CISSP and CISM. In addition, the coming list points out some other certifications that you could consider to be a perfect candidate for a Security Director position.
