In this video, Marc Menninger describes key roles and functions performed by IT security directors. Discover which skills and certifications IT security directors are expected to have. Learn how many years of experience and other requirements you'll need to qualify for this high-demand IT security job.
- IT security directors provide the organization security vision and work with their teams and senior leadership to ensure their vision gets implemented. As an IT security director you will leverage your extensive IT and management experience to lead security programs and the deployment of security technologies. IT security directors supervise security departments and ensure security policies, procedures, and protocols are being executed correctly and by the appropriate teams. And, as members of an organization's executive management, IT security directors must prepare and deliver technical security reports to other members of the executive team.
In addition to IT security director, common job titles include: information security director, chief information security officer or CISO, chief security officer or CSO, and deputy CISO. IT security directors must have strong technical management and people skills. Key technical skills they need are a thorough understanding of TCPIP, computer networking, routing and switching, DNS, authentication, VPN, proxy services and DDoS mitigation technologies.
Because they are responsible for managing the security of an entire organizations, directors must have a deep knowledge of ISO 27001, 27002, ITIL, and COBIT frameworks, as well as PCI, HIPAA, NIST, GLBA, and SOX compliance assessments. IT security directors need to see the big picture, so IT strategy, enterprise architecture, and security architecture skills are essential. And due to the nature of their position, they need to have strong interpersonal, written communication, oral communication and analytical skills.
IT security director jobs aren't entry-level positions. Most job postings will require a minimum of eight years in the IT security field and a minimum of four years experience managing direct reports. Almost every director role will require a bachelor's degree in a related field. This means an IT field, such as a Computer Information Systems degree. Other technical degrees may also be accepted. And it's not unusual to have jobs listing also require a master's degree for director positions.
They will also be expected to demonstrate a track record of strong performance management, mentoring, and team development. Frequently desired certifications for IT security directors include: CISA, CISM, CISSP, and CISSP-ISSMP. An IT security director job represents the pinnacle of the IT security career track. It's a high responsibility position perfect for people who have the experience and vision to lead the security of an entire organization.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- Understanding the job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself