Cyber Security Director Career Guide & Outlook

Learn What a Security Director Does, the Requirements Needed and Job Growth

Data that a company keeps regarding its customers, employees, and even its competition has to remain safe. A breach in security can lead to credit card numbers being stolen, the release of sensitive data to the public, and a host of other developments that can leave an organization embarrassed and in legal trouble. This is where cyber security comes in: the set of protocols put into the place by a group of information technology experts. The leader of this group is called the Cyber Security Director. These employees have experience in the field as well as management and communication skills that meet or most likely exceed the acceptable minimum requirements.

What Does a Security Director Do?

A cyber security director is in charge of an organization’s Information Technology Department. The position reports directly to either the Chief Information Security Officer (CISO) or the Chief Operating Officer (COO). The cyber security director is tasked with creating the security framework that keeps an organization’s network and electronic data safe from cyber invasion. This mean managing a team of IT techs, making sure the network is as secure as possible by using the right technology to protect it, and making sure employees know how to recognize a possible threat. Directors are typically highly educated, hold several IT certifications, and have been working in the IT and cyber security fields for at least 10 to 15 years. Although they are referred to as cyber security directors in this document, those in this position could also hold titles such as Deputy Chief Information Security Officer, Information Security Director, or Senior IT Manager.

What are Their Responsibilities, Common Duties, and Tasks?

Cyber Security Directors have a lot of responsibilities. They’re not just information technology experts, they also have managerial duties and need to have excellent communication skills since they have to interact with c-level employees, those they manage, vendors and sometimes clients.

Some of the responsibilities and duties of a cyber security director include:

  • Being in charge of the cyber security unit that oversees the security of an organization’s network and electronic data
  • Putting protocols in place to ensure security
  • Managing a team that prevents and combats cyber security threats
  • Training employees on how to prevent and detect cyber security threats
  • Assessing the costs and benefits of new projects and justifying operating costs to top-level executives
  • Negotiating with vendors for the best possible deals for the organization’s technology

Becoming a Security Director

To get to the position of cyber security director, a person travels a relatively linear path, though there is some wiggle room in regard to the positions held prior to the director position. The first step is becoming an administrator, either in security, networking, or systems. While in this position, a bachelor’s and possibly a master’s degree should be attained, if not before taking the administration position. After four to five years of experience working as an administrator, the employee can take the Computer Information System Security Professional (CISSP) examination and apply for acceptance into the (ISC)2 organization.

The next tier of employment leading toward a director position is a position as a security specialist, security analyst, security engineer, security consultant, or a security auditor. These positions require a person with several years of experience working as an administrator and most likely a CISSP certification. Also, this is a good time to attain another certification in Management Information Systems (MIS).

After working in one of the above positions for several years, management positions will begin to open up. Some of the possibilities include Security Manager, IT Project Manager, and Security Architect. Once you have worked in one or more of these positions for several years, the possibility of becoming a cyber security director is within reach.

Typical Requirements for Employer Hiring

A cyber security director position is not an entry-level position. In fact, it’s only one ladder rung away from being a C-level position, which is why some companies refer to their cyber security directors as Deputy-CISOs. In order to be considered for this high-level position, most employers require these minimum requirements.

  • A minimum of a bachelor’s degree in information technology, information systems, network administration, or systems administration. A Master’s degree in one of these areas or in cyber security is preferred
  • 10-plus years of working experience in the areas of information technology, information systems, cyber security, system administration or network administration for someone holding a bachelor's degree - eight or more years’ experience for someone with a master's degree
  • 5 years of experience working in information technology and/or cyber security
  • A minimum of 10 years working in a leadership or management position
  • A minimum of 5 years working in cyber security and experience in policy, procedures, and processes
  • Management Information System, CISSP, or other security certification

As you can see, this is a position for someone who has been in the field for a while. Different companies will have different requirements for their directors, so if this is a position you eventually want to hold, it is a good idea to position yourself as an expert in a particular niche as much as possible and work your way up through the ranks in that niche. It is possible for a generalist to make it to cyber security director, but that person must also possess extraordinary soft skills in management, communication, sales, or a combination of those.

Skills Needed

A cyber security director needs a specific set of skills in order the carry out the tasks required to keep an organization’s electronic data and networks safe.

Some of these skills include:

  • Certifications required to perform and execute required security tasks
  • Management experience
  • Work experience in the information technology and security fields
  • High aptitude for math
  • Carefully honed detection skills
  • Experience working on and maintaining computer equipment

Along with the above technical skills, a director will also need the following soft skills:

  • Excellent written and verbal skills
  • Sales negotiation skills
  • The ability to multitask
  • Interviewing skills
  • The ability to both manage and work with a team, as well as work independently

Security Director Salaries

Cyber security jobs offer excellent salaries. It is the trade-off for what can be a demanding and stressful career. According to Payscale.com, on average a Cyber Security Director makes $142,000 annually. There’s quite a bit of fluctuation between the high and low end of the pay scale. The bottom 10% of cyber security directors made $85,000 in 2018, while the top 10% of directors earned $208,000 each year. The fields where a cyber security director can expect to make the most is the Information industry as well as finance and insurance.

Outlook & Jobs

Like most jobs in the cyber security field, the outlook for cyber security directors is favorable. According to the US Bureau of Labor Statistics, there were 414,450 workers in the cyber security/information technology field, with roughly 10% of those being security director positions. Between 2018 and 2028, another 46,800 jobs will be added. This equates to job growth of 11%, much faster than job growth in other areas. The increase is due in part to the ever-increasing use of the internet, as well as more organizations adding cyber security teams to their staff. Most of the jobs will be in the private sector, but government jobs at the state and local levels will also bring additional opportunities. Unless there is a drastic change in how technology is used or there is an overall decrease in its usage, the number of jobs in this sector will continue to increase. Most of the jobs will be located in major metropolitan hubs such as New York City, Atlanta, Chicago, and Los Angeles but there will also be jobs in other location that have organizations that have cyber security needs.

Cyber Security Careers and Jobs

Chief Information Security Officer (CISO)

These executives oversee information systems and company-wide information security, as well as all departments associated with these systems.

Chief Security Officer (CSO)

These executives deal with information and physical security systems, controlling database and facility entry and all departments that deal with security and surrounding policies.

Chief Technology Officer (CTO)

This executive deals with technology development and implementation. They receive company-wide reports on the use and effectiveness of technology.

Computer Forensics Investigator

Analyze computers or web-based applications in the search for forensic evidence of a crime. This is done in support of the law after commission of a crime, or in efforts to support a company by assessing network vulnerabilities.

Cryptographer

Cryptographers are responsible for deciphering encrypted data. They might do after the commission of a crime. They also work to create better encryption to create stronger networks and safer data storage.

Incident Responder

Incident responders work with companies or governments to respond quickly after a possible threat has been detected. They find the source of the issue, determine if it’s a real threat, and discover how the incursion occurred.

Penetration Tester

Penetration testers seek to create an incursion. By doing so, they reveal the weak points of a security system so that these points can be secured better in the future.

Risk Analyst

Risk analysts spend their time looking for systems, procedures, or malware which could cause unintended negative occurrences, such as system crashes or slowdowns. They help create procedures to fix these problems quickly if they do occur.

Security Administrator

Administrators are responsible for dealing with all security and safety issues. They may create procedures or policies in order to maintain security company-wide.

Security Analyst

Security analysts maintain company networks and fix issues that come up during normal operation. They may also identify threats and neutralizing them as quickly as possible.

Security Architect

This position requires you to choose or design security elements, whether physical parts that will become a part of the system or the virtual system that will provide access to all the company’s data.

Security Auditor

These specialists may be kept on retainer or brought in after changes are made to a system. They provide a system-wide audit to make sure there are no chinks in the armor of the network or system.

Security Consultant

Security consultants devise plans for a company should they experience an incursion or help companies that are just getting started set up their security system from the ground up.

Security Director

The director of security helps create and review all policies and procedures related to security. They also ensure compliance with local or federal laws related to security concerns, such as the safety of patient data.

Security Engineer

A security engineer is responsible for creating computing systems which increase their company’s security and they solve any issues turned up by a security audit or incursion incident.

Security Manager

These managers oversee security staff on a day-to-day basis, making sure staffing is steady and all issues are dealt with and reported to the highest-level security professional in the company.

Security Software Developer

Specializing in security software solutions, they create software for individuals to use on home computers or advanced solutions meant for multi-billion-dollar industries or even government agencies.

Security Specialist

This is an entry-level position in which a specialist may monitor or troubleshoot system or network issues. They may perform basic test procedures, reporting all activity and feedback to their manager.

Vulnerability Assessor

These specialists test systems for vulnerabilities, much in the same way penetration testers do. Instead of performing penetration testing, they look through applications or software for possible weaknesses.

Leaders in Cyber Security Education: Find Your Career Today

Get started today on your path to advance your career!