Honesty and high-integrity character

The information security manager needs to have a squeaky-clean criminal record as well as an open-minded and questioning personality that inspires trust. Some scrupulous organizations go further with additional background checking, for example requiring the information security manager to have a clean credit report. All this makes sense because the information security manager must be a paragon of virtue and honesty, in addition to being an exemplary employee.

Above all, this individual must not be a former hacker because this will often cause others within the organization to be untrusting and uncooperative. In the eyes of many, being a hacker is equivalent to being a malicious and irresponsible person who is out to get them. While hackers are often on top of the latest information security vulnerabilities, they frequently lack extensive experience in the business world, and they frequently lack the diplomacy and people skills necessary to do a good job as an information security manager. People with exemplary characters who are also on top of the latest developments in the information security field are available, but you may need to pay them well.

Just as a well-managed organization would generally not hire an office employee who had previous convictions for violent behavior, so an organization should not hire a "former" hacker who has run afoul of the law. Even if the candidate for an information security manager position has no criminal convictions, any candidate who boasts about being a former hacker should be avoided like the plague. If a newly hired information security manager were to send confidential internal information to his or her friends in the hacker community, the hiring organization could soon find itself overrun by unwelcome visitors who are using its networks and systems for illegal activities. If you are still intent on hiring a former hacker, think long and hard about the reputation risk that goes along with such a move. Is your firm really prepared for the negative publicity and the loss of customer confidence that go along with hiring someone who has demonstrated that they have a different set of ethics than most of the others who work at the organization?


  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications
This was last published in September 2005
