Security professionals frequently ask if their resume could be improved upon or what they must do to reach the manager, director, vice president, or CISO/CSO level. Although there is no magic formula, this advice comes from reflecting on the successful search assignments securityrecruiter.com has completed as well as from reviewing the combination of skills and attributes that pulled the assignment together. There is no perfect combination of educational credentials, work experience, certifications and personal attributes, but here is what we have determined our clients respond to when senior level security openings surface.
CERTIFICATION IS A MUSTA Bachelor degree is usually sufficient, but a Masters degree can put you one step closer to landing the position. Industry certifications are a must. For leadership roles, companies like to see Certified Protection Professional (CPP), Certified Information Systems Security Professionals (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Global Information Assurance Certification (GIAC). The more technical the role, the more GIAC and vendor specific certifications are desired.
Our company has seen different career paths lead to security management roles. Early on, companies asked for individuals who came up through physical security or technical ranks to include mainframe/midrange security, network security and Internet security. Common career progression frequently includes moving from security administrator to security engineer/analyst to security architecture titles to management. While this type of career progress is still important, there is more to it than just getting promotions.
Understanding mainframe, network and Internet security technology alone is no longer enough. Specific industry experience is often a prerequisite to obtaining a senior security leadership role in a particular industry. Additionally, as a result of regulatory compliance pressures, companies frequently want to see candidates who clearly demonstrate an understanding of compliance regulations that relate directly to their industry.
EXPERIENCE MATTERSOn top of education, professional experience is the element that separates those who progress to security leadership roles from those who do not. Experience is extremely important, as it demonstrates that you have been introduced into the security world and have had to deal with security issues. Prospective employers want to know what issues you’ve had to face and how you solved them. Keeping track of your tasks and praise letters will show a perspective employer that you excelled at your previous position(s).
To lead others, to communicate effectively with non-technical users and to communicate in the boardroom with “C” level executives, security professionals must possess exceptionally strong verbal and written communication skills. The element of communication is so important that any lack of polished skills in this area will keep advancement doors closed.
There is no single magic set of skills that will qualify one for a position in information security leadership. As regulatory pressures continue to mount on corporate America, information security professionals must keep their technical skills sharp while keeping up with constantly changing regulations and they must be exceptionally strong communicators.