Why and How to Become a Security Manager
A security manager is that employee that takes charge of the entire IT security in an organization. In fact, anything related to cyber security is his responsibility; this includes developing any security solutions, getting the security policies implemented within the organization, or even holding training for the employees to improve their perceptions and practices of cyber security.
For this job as a manager, you will not be required for technical implementations yourself, or at least this is how it should be like. However, you should be knowledgeable with up to date kind of information when it comes to cyber security aspects. The entire organization’s security along with its measures rely heavily on you.
I just wanted to point out that it is really obvious that the job of a security manager could be misleading because some could think of it as physical security management such as security cameras, security guards, etc. However, we are just concerned with the cyber security management domain.
This is in fact considered as a midlevel management job. You should expect most of the responsibilities that are given by the following points.
- You should be able to design strategies for all the IT projects executed within the organization. You should also manage the execution of such strategies such that you are definitely sure about the security of all of these projects.
- You should also define the security policies to be followed within the organization, and furthermore, you should get them implemented and maintained.
- You should manage the security audits performed in the organization. In fact, any mitigation procedures or forensics analysis or other processes of that sort are all coordinated by the security manager.
- It is also one of your most important responsibilities to always be alerted for any security incidents that may occur in the organization for any reasons. You should then present a detailed analysis of the incident and what caused it to occur.
- It is crucial to understand that all security administrators, analysts, and IT professionals fall in the organization’s hierarchy under your position. This implies that you should always monitor their input and see how they perform.
- In fact, it follows that you are actually the key chain between the upper-level management and the other IT security geeks. You will deal with programmers, auditors, and risk assessment teams, while you are to deal with the principals of the organization. Good Luck with that.
- It is your responsibility to raise the level of security awareness within the whole organizations by holding several trainings on security protocols and best procedures and practices.
- A security manager should be responsible of assuring that the company is a compliant with the security standards that are commonly recognized.
- You should always select the best security tools to be used within the organization according to mainly the benefits wise for the organization’s security. But beforehand you should ensure that their implementations will be really helpful and will not cause harm to any other security aspects.
- After making sure about the security of such tools, you should create proper documentations to state what integration issues will result from implementing such tools in the network of the organization. Also, your document should have estimations of the total costs that will be required to implement these tools and fix such issues. Such documentations or reports should be submitted to C-Level executives such as a Chief Information Security Officer (CISO) or Security Director.
The department of cyber security is all under your control. You are the one that should determine the budget of every project to be pursued. Also, you should organize the staff schedule with the whole department.
Well, in fact a security manager should first take up the ladder starting from an entry level administration job which is typically one of the following:
- Security Administrator
- Network Administrator
- System Administrator
After having enough from such entry level administrative positions, you should get interest in one of the more specialized security positions in order to have sufficient experience to become Security Manager afterwards comfortably. Some of these jobs that you may be interested in are:
- Security Specialist
- Security Analyst
- Security Engineer
- Security Auditor
When you get the job as a security manager after that, try to make the best out of it and try to show how skillful manager you are. This will really open the door for you to seek a higher-level management position such as:
- Security Director
- CISO
In fact, most companies call this position Security Manager, yet they attach some other word next to it most of the time such as Information Security Manager for instance. Such different terminologies are typically of the same job functions or with slightly different tasks. Some of the terminologies are:
- Information Systems Security Manager
- Information Security Manager
- Information Technology (IT) Security Manager
- Systems/Applications Security Manager
- Security Manager (Systems/Applications/Information)
In fact, security managers are paid quite high. The average salary for a security manager according to PayScale is around $100,215 per year. The minimum salary though for this job is almost $69,984 while the salary could up to $142,816 when the security manager is really well appreciated in a company. It is needless to say that this includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
The minimum salary that I mentioned in the last paragraph actually in really rare cases and in rare countries when the job functions are not completely granted for the security manager. Consequently, you should expect a minimum of $85k when you work in Midwest. Or you could you work on East or West Coasts to find yourself comfortable with higher salaries than other places around the world.
To make a good candidate, at least you should be carrying a bachelor’s degree in computer science, cybersecurity, or a similar degree. Nevertheless, this does not mean that other degrees cannot work in this position. Well, technically if you earn a master’s degree with concentration in IT security, then your chance is fairly high to make a good candidate. In order for you to become a perfect candidate not just a good one, you should aid yourself with many cyber security trainings and certifications in the field.
In order to be eligible for such a critical management job, you should spend from at least 5 to 10 years surrounded with the career world of information technology generally. Particularly, you should spend 3 to 5 years of these years working specifically in the field of information security. That’s how experience is perfectly acquired.
A perfect security manager should be comfortable with programming skills, architecture aspects, and defiantly IT security matters. Some of the skills that you should take care of when thinking of the job as a security manager are given in the following list.
- You should be knowledgeable of concepts of IT strategy, enterprise architecture and security architecture and their best practices.
- You should have a solid background of networking issues and think of them from the perspective of a security point of view. Some of these aspects are like DNS, TCP, IP, routing and switching.
- You should also understand the security perspectives and implementations of authentication, VPN, proxy services and DDOS mitigation technologies.
- A security manager should be of great knowledge about frameworks like ISO 27001/27002, ITIL and COBIT.
- You should also be comfortable with compliance assessments such as PCI, HIPAA, NIST, GLBA and SOX.
- It is definitely necessary that a security manager have comfort using both Windows and Unix like operating systems.
- You should also have a solid knowledge when it comes to the most commonly used programming languages in the field such as C, C++, C#, Java and PHP.
- You should be up to date with protocols used for intrusion detection and intrusion prevention systems and firewalls.
- You should know what is meant by secure hacking and its practices. You should also have experience with ethical hacking and threat modeling.
- You should how network security architectures could be defined and developed.
- You should also be aware of how things work when it comes to performing the auditing using a third party and how also loud risk assessment methodologies could be obtained by a third party.
A final point that I want to mention here before we move on is that an employer does not really require from a security manager to be deeply aware of all of the aforementioned skills, but the employer needs to see the candidate for this job really understand the concepts of all of these topics.
Again, you are the linkage between the upper management and the technical staff. You will really have a hard time trying to satisfy the needs of both sides if you lack the required soft skills for this job. For sure, leadership and management skills are really a necessity when it comes to a management position. Plus, you need outstanding oral and communication skills to be capable of handling daily tasks wisely and in a smart manner.
Another important soft skill that an employer wants to see in you is the ability to perfectly multitask in the workspace between daily tasks. That is simply because there are tons of issues that you will be responsible for handling from your position. If you cannot multitask, you better train yourself first to be a better multitasker. Finally, it is needless to say that problem solving skills are also desired and that they help a lot those security managers to perform their tasks perfectly.
When taking of an important management position like the security manager position, certifications play a great role and they really matter a lot. In fact, an employer will be satisfied when seeing that you are certified by two very important certifications which are CISSP and CISM. The following list also gives you examples of some great professional certifications that are suitable for the security manager position.
