Data that a company keeps regarding its customers, employees, and even its competition has to remain safe. A breach in security can lead to credit card numbers being stolen, the release of sensitive data to the public, and a host of other developments that can leave an organization embarrassed and in legal trouble. This is where cyber security comes in: the set of protocols put into the place by a group of information technology experts. The leader of this group is called the Cyber Security Director. These employees have experience in the field as well as management and communication skills that meet or most likely exceed the acceptable minimum requirements.
What Does a Security Director Do?
A cyber security director is in charge of an organization’s Information Technology Department. The position reports directly to either the Chief Information Security Officer (CISO) or the Chief Operating Officer (COO). The cyber security director is tasked with creating the security framework that keeps an organization’s network and electronic data safe from cyber invasion. This mean managing a team of IT techs, making sure the network is as secure as possible by using the right technology to protect it, and making sure employees know how to recognize a possible threat. Directors are typically highly educated, hold several IT certifications, and have been working in the IT and cyber security fields for at least 10 to 15 years. Although they are referred to as cyber security directors in this document, those in this position could also hold titles such as Deputy Chief Information Security Officer, Information Security Director, or Senior IT Manager.
What are Their Responsibilities, Common Duties, and Tasks?
Cyber Security Directors have a lot of responsibilities. They’re not just information technology experts, they also have managerial duties and need to have excellent communication skills since they have to interact with c-level employees, those they manage, vendors and sometimes clients.
Some of the responsibilities and duties of a cyber security director include:
- Being in charge of the cyber security unit that oversees the security of an organization’s network and electronic data
- Putting protocols in place to ensure security
- Managing a team that prevents and combats cyber security threats
- Training employees on how to prevent and detect cyber security threats
- Assessing the costs and benefits of new projects and justifying operating costs to top-level executives
- Negotiating with vendors for the best possible deals for the organization’s technology
Becoming a Security Director
To get to the position of cyber security director, a person travels a relatively linear path, though there is some wiggle room in regard to the positions held prior to the director position. The first step is becoming an administrator, either in security, networking, or systems. While in this position, a bachelor’s and possibly a master’s degree should be attained, if not before taking the administration position. After four to five years of experience working as an administrator, the employee can take the Computer Information System Security Professional (CISSP) examination and apply for acceptance into the (ISC)2 organization.
The next tier of employment leading toward a director position is a position as a security specialist, security analyst, security engineer, security consultant, or a security auditor. These positions require a person with several years of experience working as an administrator and most likely a CISSP certification. Also, this is a good time to attain another certification in Management Information Systems (MIS).
After working in one of the above positions for several years, management positions will begin to open up. Some of the possibilities include Security Manager, IT Project Manager, and Security Architect. Once you have worked in one or more of these positions for several years, the possibility of becoming a cyber security director is within reach.
Typical Requirements for Employer Hiring
A cyber security director position is not an entry-level position. In fact, it’s only one ladder rung away from being a C-level position, which is why some companies refer to their cyber security directors as Deputy-CISOs. In order to be considered for this high-level position, most employers require these minimum requirements.
- A minimum of a bachelor’s degree in information technology, information systems, network administration, or systems administration. A Master’s degree in one of these areas or in cyber security is preferred
- 10-plus years of working experience in the areas of information technology, information systems, cyber security, system administration or network administration for someone holding a bachelor's degree - eight or more years’ experience for someone with a master's degree
- 5 years of experience working in information technology and/or cyber security
- A minimum of 10 years working in a leadership or management position
- A minimum of 5 years working in cyber security and experience in policy, procedures, and processes
- Management Information System, CISSP, or other security certification
As you can see, this is a position for someone who has been in the field for a while. Different companies will have different requirements for their directors, so if this is a position you eventually want to hold, it is a good idea to position yourself as an expert in a particular niche as much as possible and work your way up through the ranks in that niche. It is possible for a generalist to make it to cyber security director, but that person must also possess extraordinary soft skills in management, communication, sales, or a combination of those.
A cyber security director needs a specific set of skills in order the carry out the tasks required to keep an organization’s electronic data and networks safe.
Some of these skills include:
- Certifications required to perform and execute required security tasks
- Management experience
- Work experience in the information technology and security fields
- High aptitude for math
- Carefully honed detection skills
- Experience working on and maintaining computer equipment
Along with the above technical skills, a director will also need the following soft skills:
- Excellent written and verbal skills
- Sales negotiation skills
- The ability to multitask
- Interviewing skills
- The ability to both manage and work with a team, as well as work independently
Security Director Salaries
Cyber security jobs offer excellent salaries. It is the trade-off for what can be a demanding and stressful career. According to Payscale.com, on average a Cyber Security Director makes $142,000 annually. There’s quite a bit of fluctuation between the high and low end of the pay scale. The bottom 10% of cyber security directors made $85,000 in 2018, while the top 10% of directors earned $208,000 each year. The fields where a cyber security director can expect to make the most is the Information industry as well as finance and insurance.
Outlook & Jobs
Like most jobs in the cyber security field, the outlook for cyber security directors is favorable. According to the US Bureau of Labor Statistics, there were 414,450 workers in the cyber security/information technology field, with roughly 10% of those being security director positions. Between 2018 and 2028, another 46,800 jobs will be added. This equates to job growth of 11%, much faster than job growth in other areas. The increase is due in part to the ever-increasing use of the internet, as well as more organizations adding cyber security teams to their staff. Most of the jobs will be in the private sector, but government jobs at the state and local levels will also bring additional opportunities. Unless there is a drastic change in how technology is used or there is an overall decrease in its usage, the number of jobs in this sector will continue to increase. Most of the jobs will be located in major metropolitan hubs such as New York City, Atlanta, Chicago, and Los Angeles but there will also be jobs in other location that have organizations that have cyber security needs.