Real world hands-on experience

A successful information security manager is not going to use your organization as the proving ground for untested theories or ideas. This manager needs to be immediately credible -- your organization can't afford to take the risks that are involved in developing credibility over time. He or she must have relevant prior experience in the real world of information security, and ideally this would be both as an external consultant and also as an internal information security manager. This will give the manager a taste for what it's like to work in the information security field and will allow the manager to bring that prior experience to bear on the problems your organization is facing. Hands-on experience not only helps prevent the manager from making stupid mistakes or taking positions that are clearly inconsistent with standard industry practices, it also most importantly buys the information security manager a lot of additional credibility. This credibility will be very important when selling information security to various constituencies such as top management and internal technical staff. One additional benefit to having an information security manager with prior hands-on experience is that he or she knows what they are getting into when they take a job and will therefore be less likely to quit after several months because the job didn't turn out to be what the manager hoped it would be.


  Excellent communication skills
  Good relationship management skills
  Ability to manage many important projects simultaneously
  Ability to resolve conflicts between security and business objectives
  Ability to see the big picture
  Basic familiarity with information security technology
  Real world hands-on experience
  Commitment to staying on top of the technology
  Honesty and high-integrity character
  Familiarity with information security management
  Tolerance for ambiguity and uncertainty
  Demonstrated good judgement
  Ability to work independently
  A certain amount of polish

Information Security Roles and Responsibilities Made Easy, Version 2
By Charles Cresson Wood
278 pages; $495
Published by Information Shield

Download Appendix B, Personal Qualifications
This was last published in September 2005

Dig Deeper on Information security policies, procedures and guidelines

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.