Ask the Expert

Strategies for landing a security management position

I am a Certified Ethical Hacker (CEH), but cannot get a job as a security officer. I also have a Masters Computer Diploma. What strategy should I pursue to land a security management position? Should I get a CCNA or CCSA certificate?

    Requires Free Membership to View

    Login

Management is not a technical skill, so you might be moving in the wrong direction. Having technical competence is actually a small part of being a security officer. The role I call "CSO Next" requires a new set of skills -- presenting, selling and ultimately understanding the ramifications of security to your business.

Let's discuss each of these ideas in turn. The most important skill a senior security officer needs is the ability to work with their peers on the senior team, meaning they have to be more of a businessperson than a technologist. Security officers must assist the employees in charge of the operation in order to understand the impact a security risk can have on the business. This has been a major focus of my research, culminating in the publication of the Pragmatic CSO, which details a new approach for the business of security management.

Talking about hackers and crackers and other attack vectors will go over like a lead balloon. These folks are all about business and want to see what kind of security program is in the works. How do you define success? How are you going to get there? What milestones are you using to ensure progress is being made?

Every VP of operations or general manager runs his or her business according to a plan. They are accountable for all commitments and must frequently report progress in an understandable and meaningful manner.

As such, an ethical hacker certification is not sufficient. Although you know how to think like a hacker, you have little experience as a businessperson, which is imperative when planning a career in security management.

So I'm of the opinion that a certification like CCNA or CCSA won't be very useful in landing a role in security management. I would do a couple of things if I were you. First, I'd learn as much about my business as I could. A good way to do that is to try to find a mentor who understands the business, who can teach you how it works. Finding a well-placed mentor will also give you more visibility in the organization.

I'd make sure I was a clear and effective communicator and writer. Maybe that means joining ToastMasters and/or taking a writing course. Communication is one of the most important skills a CSO has, so invest in making sure you can do that effectively.

For more information:

  • Determine if your information security career is on the right track.
  • Security practitioners reveal what they believe those embarking on an information security career should know about the IT industry.

    • This was first published in July 2007

    Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.
      Back to top