Security Director

Sometimes called senior information technology managers, information security directors, or

deputy chief information security officers (CISOs), security directors supervise information
security technology staff, budgets, equipment, and activities. They focus on security incident
prevention and response. Security directors also oversee compliance, human resources, and
training in matters relating to information security.

Security directors, CISOs, and other computer and information systems managers work in many
industries, including government and military, finance, insurance, and education.

What Does a Security Director Do?

Companies hire security directors to manage the security personnel and systems that keep
company data safe. Most security director job descriptions include overseeing security
departments and programs. Security directors improve organizational security through
implementing and maintaining information technology-related security measures.

Security breaches can damage company finances and destroy client trust, so the security
director’s role is essential to company success. When security threats arise, security directors
supervise incident response and investigation.

These professionals also perform diverse managerial tasks, including budgeting and strategic
planning. Human resources-related duties can include hiring, training, managing, and firing
personnel. Financial duties usually involve forecasting, budgeting, and allocating resources.
Planning duties include security improvement, strategizing, goal-setting, and policy and
protocol-making. Security directors also must align their company’s practices with legal and
regulatory standards.
Security director requirements vary based on industry, organization size, and position level.
Some security directors report to a higher-level CISO or to other top managers. Most security
director positions require at least 5-7 years in information security management roles.

Steps to Become a Security Director

Security director education requirements usually depend on the position, company, and industry.
Aspiring security directors can launch their careers by earning a bachelor’s degree in
cybersecurity, computer science, or a related field.

Many security director positions also require a graduate certificate or master’s degree in fields
such as cybersecurity or IT security management. Earning a cybersecurity master’s degree often
proves useful to individuals with an unrelated bachelor’s degree.

Bachelor’s and master’s programs that offer coursework specifically tailored to information
security usually provide better educational foundations for information security careers than
general computer science (CS) or IT programs. However, some general CS or IT programs offer
tracks or concentrations in cybersecurity that can help students get early exposure to skills and
knowledge needed by security directors.

Most information security jobs require considerable additional learning beyond a degree. The
cybersecurity field features many professional certification options that bolster cybersecurity
skills. Many security directors hold certifications in information systems security professional
(CISSP) or certified information security manager (CISM).

Many director positions require at least seven years of work experience in the information
security field. Such professionals often have experience in roles such as security administrator,
systems administrator, and network administrator. Security-related roles — such as security
auditor, consultant, engineer, analyst, or specialist — offer more focused preparation for security
director jobs.

Because the security director job requires both general management and technical skills, security
directors often need at least five years of management experience in roles such as IT project
manager, security architect, or security manager.
Top Required Skills for a Security Director
To lead staff and make reports to executives, security directors need soft skills in collaboration,
facilitation, and communication. When directing specific security assessment or implementation
projects, these professionals must prioritize, plan, and delegate. Security directors need
problem-solving ability, accuracy, organization, and foresight to stay on budget and on schedule.

Although these positions often involve more management than technical work, security directors
need considerable mastery of the cybersecurity field. These professionals need fundamental hard
skills valuable in IT, including knowledge of computer programming languages such as Java or
C and operating systems such as Windows and UNIX.

Security directors also need a comprehensive cybersecurity knowledge base, including networks
and security architectures. They must know how to conduct a cloud risk assessment, third-party
auditing, and compliance assessment. Security directors also must understand ethical hacking,
threat modeling, and intrusion detection in order to supervise incident response staff.

Through coursework in critical reading and writing, psychology, and project management,
cybersecurity programs equip students with some of the soft skills necessary for security
directing careers. Courses on programming languages, database applications, networks, and
operating systems give students foundational IT knowledge and an introduction to cybersecurity.

Courses on cryptography, ethical hacking, computer forensics, and information assurance build
intrusion detection and prevention skill sets, while courses such as policy analysis, disaster
recovery, and risk management support leadership roles.

Most good cybersecurity programs also include internships that enable on-the-job learning,
networking, and mentorship. Students with little relevant work experience should seek programs
that include internships.