Manage Learn to apply best practices and optimize your operations.

Is it best to focus on the technical or business side for a management position?

I'm currently a network/system administrator for a financial institution with $300 million asset. Through my continous security initiatives, my work is thinking of promoting me to a "security officer," reporting to the Compliance Officer. Although I've been preparing for the CISSP and recently passed Security+, I don't have any management experience. Taking my background and my company's structure, should I concentrate more on the technical side or business side while preparing for the role? Where can I get the training? Thank you in advance for your advice.

Given that the job of security officer is more technical and doesn't involve as much old-line management responsibility (people management or assuming financial responsibility for some revenue-producing or consuming part of a business) I think you're best off sticking more to the technical side of your new planned job role. That said, one of the most important aspects of a security officer's job is to perform a risk assessment that relates to possible threats to company systems, information, people and assets, and to help formulate proposed responses to such threats where warranted. This requires a deep understanding of the value of information and other organizational assets and a sense of the trade-offs necessary to decide how much it's worth spending to protect and/or preserve such assets. Of course, this requires taking a hard-nosed, hard-boiled and value-oriented look at your company and setting limits on how much you could or should spend to protect them. Obviously, this does require some business acumen. But you'll be pleased to hear that by preparing for Security+ and CISSP, you should get exposure to the concepts and tools you'll need to do this kind of work.

Thus, a good class or boot camp on CISSP should help you get ready to handle this part of your job. There are plenty of good books on this part of the field as well. One of my favorites is by fellow SearchSecurity.com site expert Mandy Andress and is entitled "Surviving Security" (Sams, 2001, ISBN: 0672321297; List Price: $15).

For more information on this topic, visit these other SearchSecurity.com resources:
News & Analysis: Does your CSO need to be a techie?
IT Career Expert: Security invades upper-level management
News & Analysis: University CSO provides education, security in nonprofit environment

This was last published in December 2002

Dig Deeper on Information security program management