Infosec management roles

koenigss15 Member Posts: 18
Would appreciate opinions and advice on how to land an infosec management role.

I have been in IT for 15+ years and I am currently a Sr. Security Analyst. I obtained my CISSP last year.

Your insights are welcomed. Thank you.


  • renacido Member Posts: 387
    I recently accepted an IT Security Mgr job offer. My advice:

    - You're a Sr Sec Analyst so I assume you have Jr analysts and you lead their day-to-day activities and are probably the lead on one or more things like incident response, vulnerability mgmt, end user training, audit remediation, and you're the de facto project manager on any upgrades or new installs of security technology. There are a lot of things that could be in your job jar but I'm taking a stab (I've had your job title before). IF you're not the one in charge and out in front on those things, ask your boss if you can take the lead.

    - Look at job postings for IT Security Manager online. Do a skills and knowledge inventory on yourself. A self-assessment as to how well you'd be able to handle all of those things. Keep yourself honest when you do this. Before you start interviewing for this job, make sure you can do it with excellence. Sure there are always things to learn, adjustments to a new role in a new company, etc. But you want the fundamentals of your core day-to-day functions and activities to be in your range of acquired skills when you start, otherwise you're going to feel like you're in over your head. If you find common skills and knowledge areas in the job postings that you recognize aren't yet in your repertoire, look for opportunities and methods to fill your gaps.

    - Give your resume a good update and see how it lines up with the job postings. That may also identify gaps to fill.

    - If you're ready for a management role, most likely you are already subconsciously trying to work at that level. What I mean is, you find it hard not to try to build or enhance processes, workflows, policies, TTPs, metrics, reports, etc. You've got a strong opinion on everything related to your company's security program. You know where the gaps are and are constantly campaigning for your manager, CISO, IT Director, etc to support or adopt your ideas to resolve those. You enjoy mentoring and guiding the junior analysts and though you still enjoy the highly technical work, your eyes are on the bigger picture. You'd rather be in charge than simply lead the execution of the day-to-day tasks.

    - Once you feel pretty confident that you're a solid candidate for a manager position, make sure your resume spells that out.

    - If you don't already have a mentor, look for one who is currently in the seat or has been in the seat you want to be in.

    - Unless your manager is an insecure or power-mad b-hole, it's often helpful to share your career goals with him/her. If you have a good relationship, they should be supportive and when appropriate offer you opportunities to lead and delegate more managerial functions - as long as you've earned their trust and confidence...that always has to come first. A good boss wants his best people promoted, even if he loses them in the process. High tide raises all ships and so forth.

    - Don't neglect the vital leadership, managerial, and soft skills - persuasion, conflict resolution, business analysis, resource management, strategic planning, team-building, emotional intelligence, performance counseling, motivation, incentives, leading organizational change, etc. And of course make sure you're an ace at PowerPoint and Excel. You'll be staring at slides, spreadsheets, and emails more than packet captures, event logs, vulnerability reports, or security dashboards from now on.

    - There will be some downside, but lots of upside too. Your own office, bigger paycheck, more autonomy, and the satisfaction of advancing in your career. It's not for everyone - some prefer to stay in technical roles until they retire. There is absolutely nothing at all wrong with that, and that can be very lucrative as well.

    Hope this helps, good luck.
  • koenigss15 Member Posts: 18
    Thanks renacido. Top notch guidance that I really believe will help me progress.
  • TechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,100
    koenigss15 wrote:
    Would appreciate opinions and advice on how to land an infosec management role.

    If you work in a large organization like I do, see if they have a supervisor training program. It will help you succeed if you're looking to move up within the company.
    Still searching for the corner in a round room.
  • abelamorales Member Posts: 54
    What's your experience in specifically? How many people do you manage? What business issues have you solved? What's your involvement with the C level suite? What have you done that mirrors the job of a manager?

    I think you're in a spot to become a manager or a team lead. Look on and find what jobs are available for information security managers in your market to see what these businesses are specifically looking for.
  • 636-555-3226 Member Posts: 975
    Management is good, but also strive to be a leader. If you're a successful leader then the other roles (including management) will come in time. Two good places to start - John Maxwell's The 5 Levels of Leadership. James M. Kouzes' The Leadership Challenge.

    I'm pretty sure I landed my current gig during job interviews not by talking my l33t hax0ring skills but about how much I love learning about leadership and trying to follow strong leadership principles.
  • Mide Member Posts: 61
    I recently made a jump into management from an Engineer over on the systems side. Renacido spelled it out correctly and thoroughly, but I'll sum up some points.

    *In your current position look for opportunities to lead and manage more junior members.
    *Take more initiative to suggest improvements and new projects.
    *Word your current position in this 'leadership' light on your resume.

    In the end it will all depend on the management position you're applying for and what the candidate pool looks like. Someone will need to give you a chance to move up. Keep on applying and hope that you get a hit.
  • joneno Member Posts: 257
    Be careful what you wish for! Last year I accepted a management position at a top investment bank, the money was good but I wasn't enjoying my job. So I quit after 6 months and went back to the engineering/technical side. I'm not saying management is hard or a bad idea, what I'm saying is that at this age and stage in my career, I don't want to be an Excel tiger or a glorified assistant aka project manager. I'll definitely go back to management....hhmmm, maybe in 5-8 years time, but not now.