This article will be divided into two general categories — Information Security Manager Skills and Information Security Manager Traits. The Skills section documents the type of skills that a candidate for information security manager should expect to have picked up, either on the job or through their education. The Traits section documents a more intangible, soft set of skills that the candidate has most likely discovered about himself or herself before applying for the position. In other words, if you have not noticed the traits expected of a good information security manager in yourself by this time, you probably will not be the strongest candidate for this position or will need to make up the deficiencies in other areas.
Background of an information security manager
To define the skills and traits that an information security professional should have picked up at this point begs one serious question: What sort of educational and professional experience prerequisites exist for the information security manager? Information security managers need at least a bachelor’s degree in an information security- or IT-related discipline. Some organizations will hire you on with just a bachelor’s degree in any field for your first information security job. Other organizations may require a master’s degree in an information security-related field to offset a bachelor’s degree with a non-technical degree. In terms of professional experience in the field, you will generally want to have at least five years of information security experience before you are qualified for this position. With that said, a career that shows a history of steadily progressing up the information security ladder will probably put you in the best spot for this position, because it demonstrates a steady increase in both responsibility and acquired skill.
Information security manager skills
The list of skills required of a successful information security manager may seem daunting at first. However, these are the skills that a successful information security professional would have picked up in their career up to this point. Below is a general overview of the categories of skills organizations are looking for, including lists of the specific skills under their respective categories.
Security/network architecture
Information security managers are expected to not just be familiar with security and network architecture; rather, they must have mastered this category of skills before applying for this position. The skills involved include:
Practices and methods of security architecture, enterprise architecture and IT strategy Security architecture definition and development Security concepts related to routing, DNS, VPN, authentication, DDOS mitigation technologies/tools and proxy services Firewall and other security tools and technologies Intrusion prevention and detection protocols Networking concepts related to TCP/IP, switching and routing Security infrastructure and network configuration
Systems and frameworks
There are several systems and frameworks that a successful information security manager will want to have acquired before taking on this position. These include:
Linux UNIX Cisco Python Information assurance Virtualization/VMware Active Directory ISO27001/27002, COBIT and ITIL frameworks
Compliance-related skills
Information security managers will also be expected to have a strong compliance background. This translates into the ability to effectively assist compliance auditors if and when needed, as well as having experience with the following compliance assessments (to the extent that it is relevant to their organization):
HIPAA PCI GLBA NIST SOX
Information security manager traits
This a short list of the required traits that most successful information security managers possess. This list should give you a good idea for what organizations will expect you to be equipped with, trait-wise:
Communication
Communication is absolutely essential for the position of information security manager. Effective information security managers are expected to act as the focal point of communication between their respective information security department or team and the rest of the organization. Information security managers need to have open, effective communication with all other department managers with the organization. Part of this is maintaining a good relationship with these other department heads.
Analytical skills
Information security managers must have a highly-developed analytical sense. They must be able to quickly analyze high-level information security issues and see them to resolution. Since information security managers are often the highest level of event escalation in their department or team, the buck stops with them.
Adaptability
Adaptability is one of the most essential traits to being a successful information security manager, and with good reason. On an almost daily basis, issues could potentially arise and events could occur that would require both a high-level understanding of the information security environment and quick adaptation to bring about successful resolution. While good planning and strategy could avoid much of this, you can never plan enough to not be adaptable.
Innovation and growth within constraints
The last trait we will discuss (but by no means the last trait) is innovation within constraints. Specifically, the constraints we are concerned about here are budgetary constraints. Budgetary constraints dictate how much funding can be allocated to the information security department or teams within the organization. With these financial boundaries in place, information security managers must be able to effectively adopt new information security and IT technologies and tools into the organization. Information security managers are also responsible for hiring new information security staff members which must always be figured into the budget.
Conclusion
The role of information security manager is a major milestone in the information security careers of many, and for some, it may be their ultimate goal. Whether you fall into one of these categories or you are simply in the exploratory phase of pursuing a career in information security, you can expect the skills and traits listed above to be required of you for this position. If, after soaking in the information above, you think you are a good representation of said skills and traits, you will be a strong candidate for an information security manager position.
Sources
10 Traits of a Successful Cyber Security Manager, Part 1, The Squires Group Inc. Become a Security Manager, Cyber Degrees Be an Information Systems Security Manager: Career Roadmap, Study.com