Advice on How to Break Into Management in InfoSec?
qwerty1980
Registered Users Posts: 3 ■□□□□□□□□□
Friends,
I have been viewing this excellent forum for years but now decided to post. I have been in IT Security for 10+ years, I have half-dozen of the "common" information security certifications, including the CISM (Security Manager) and PMP (Project Manager), and the rest are technical certifications.
I do have an undergrad degree in IT (from a brick-and-mortar university here in the United States, not an online degree) and doing a part-time MBA program (which will likely take forever actually to complete, one class at a time).
The problem is whenever I interview for management IT Security jobs I am told my skills are "too valuable" for management and they want to me join as an "individual contributor". These are typically well-known and large American companies, and typically offer to pay more than an "individual contributor" but less than a true "manager", so typically offering in the $120,000 - $140,000 range, and in many cases offering to give me the "manager" job title, even though I would have no direct reports.
I am considering getting more technical certifications (like an EnCE), but I am concerned that by getting even more technically certified I am putting myself down a "technical hole" and further away from true management. I feel my people skills are above average, so that's not an issue.
I would like to ask you folks what recommendations you have on how to break into real management within IT Security and grow my career.
I have been viewing this excellent forum for years but now decided to post. I have been in IT Security for 10+ years, I have half-dozen of the "common" information security certifications, including the CISM (Security Manager) and PMP (Project Manager), and the rest are technical certifications.
I do have an undergrad degree in IT (from a brick-and-mortar university here in the United States, not an online degree) and doing a part-time MBA program (which will likely take forever actually to complete, one class at a time).
The problem is whenever I interview for management IT Security jobs I am told my skills are "too valuable" for management and they want to me join as an "individual contributor". These are typically well-known and large American companies, and typically offer to pay more than an "individual contributor" but less than a true "manager", so typically offering in the $120,000 - $140,000 range, and in many cases offering to give me the "manager" job title, even though I would have no direct reports.
I am considering getting more technical certifications (like an EnCE), but I am concerned that by getting even more technically certified I am putting myself down a "technical hole" and further away from true management. I feel my people skills are above average, so that's not an issue.
I would like to ask you folks what recommendations you have on how to break into real management within IT Security and grow my career.
Comments
-
JDMurray
Admin Posts: 13,091 Admin
Your resume is probably not properly tailored for an InfoSec management position. Remove a lot of the technical stuff and (truthfully) emphasize your management experience. The CISM requires a minimum of three years InfoSec management experience, and the PMP requires 4500+ hours of project management experience, so you must have some management accomplishments to emphasize.