Real world hands-on experience

A successful information security manager is not going to use your organization as the proving ground for untested theories or ideas. This manager needs to be immediately credible -- your organization can't afford to take the risks that are involved in developing credibility over time. He or she must have relevant prior experience in the real world of information security, and ideally this would be both as an external consultant and also as an internal information security manager. This will give the manager a taste for what it's like to work in the information security field and will allow the manager to bring that prior experience to bear on the problems your organization is facing. Hands-on experience not only helps prevent the manager from making stupid mistakes or taking positions that are clearly inconsistent with standard industry practices, it also most importantly buys the information security manager a lot of additional credibility. This credibility will be very important when selling information security to various constituencies such as top management and internal technical staff. One additional benefit to having an information security manager with prior hands-on experience is that he or she knows what they are getting into when they take a job and will therefore be less likely to quit after several months because the job didn't turn out to be what the manager hoped it would be.


  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications
This was last published in September 2005

Dig Deeper on Information security policies, procedures and guidelines



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...