IT security career: Director

- IT security directors provide the organization security vision and work with their
teams and senior leadership to ensure their vision gets implemented. As an IT
security director you will leverage your extensive IT and management experience to
lead security programs and the deployment of security technologies. IT security
directors supervise security departments and ensure security policies, procedures,
and protocols are being executed correctly and by the appropriate teams. And, as
members of an organization's executive management, IT security directors must
prepare and deliver technical security reports to other members of the executive
team. In addition to IT security director, common job titles include: information
security director, chief information security officer or CISO, chief security officer or
CSO, and deputy CISO. IT security directors must have strong technical management
and people skills. Key technical skills they need are a thorough understanding of
TCPIP, computer networking, routing and switching, DNS, authentication, VPN, proxy
services and DDoS mitigation technologies. Because they are responsible for
managing the security of an entire organizations, directors must have a
deep knowledge of ISO 27001, 27002, ITIL, and COBIT frameworks, as well
as PCI, HIPAA, NIST, GLBA, and SOX compliance assessments. IT security
directors need to see the big picture, so IT strategy, enterprise architecture, and
security architecture skills are essential. And due to the nature of their
position, they need to have strong interpersonal, written communication, oral
communication and analytical skills. IT security director jobs aren't entry-level
positions. Most job postings will require a minimum of eight years in the IT security
field and a minimum of four years experience managing direct reports. Almost every
director role will require a bachelor's degree in a related field. This means an IT field,
such as a Computer Information Systems degree. Other technical degrees may also
be accepted. And it's not unusual to have jobs listing also require a master's degree
for director positions. They will also be expected to demonstrate a track record of
strong performance management, mentoring, and team development. Frequently
desired certifications for IT security directors include: CISA, CISM, CISSP, and CISSP-
ISSMP. An IT security director job represents the pinnacle of the IT security career
track. It's a high responsibility position perfect for people who have the experience
and vision to lead the security of an entire organization.
IT security success Traits:

Analytical and technology savvy

- [Narrator] If you aspire to be an IT security professional, then there are two traits
which will contribute to your likelihood to be successful in this field: being analytical
and technology savvy. If you read through IT security job postings, you'll frequently
see these words and phrases describing actions performed on the job: These are just
some of the terms you'll run into. These terms are used to describe analytical
skills which are frequently desired by employers hiring security professionals. Being
analytical is a desired trait for IT security professionals because working with large
amounts of data and extracting meaningful information can be a big part of the
job. An example might be sifting through security event logs or network traffic
dumps to gather information about a potential security incident. Or if you're a
manager or director, you might need to crunch other types of data like asset
inventories or annual budgets. How can you tell if you're analytical? You might be
analytical if you like mathematics, crunching numbers in spreadsheets, writing scripts
with Python, Windows PowerShell, or other scripting languages, digging into the
details of practically anything and solving problems. You may be analytical and not
even realize it. For instance, you may need to take courses in analytical tool sets like
Excel or scripting languages to help you enhance these skills for your job. If you find
that you enjoy them, you may be analytical after all. And when it comes to being
tech savvy, IT security professionals are expected to have a strong proficiency with
technology, especially computers and networks. This is not a career field for anyone
intimidated by technology. You'll need to know your way around computer
hardware, operating systems and networks. This is one reason why introductory
certifications like CompTIAs, A+, Network+ and Security+ are so popular among
employers. They demonstrate competency in computers, networks, and security
fundamentals. You're probably tech savvy if you follow news about cutting-edge
hardware and operating systems, like to tinker with hardware and operating
system to optimize their processing and security and research upcoming technology
improvements and look forward to their arrival. Being tech savvy is a trait that aligns
well with a career in IT security. A successful career in IT security requires many
skills but having a strong hold on analytics and tech can give you a true competitive
edge.
Self-directed and knowledge hungry
- [Instructor] There are two traits that will help you throughout your IT Security
career. Being self-directed and having a desire to learn. First, let's look at what it
means to be self-directed and why it's important to your success as an IT Security
professional. Job listings for IT Security professionals will frequently require the
candidates to be self-directed. This is an important success trait for you as a security
professional because employers will often expect you to know how to do your job
and not need to be told to do it. Ideally, someone who is self-directed
identifies opportunities for improvement, sets goals for themselves to make those
improvements and works toward these goals on their own. If you do this it makes
your boss's job much easier because he or she doesn't need to tell you what to do
and hover over you to make sure you're doing your job. Instead, you will set your
own goals and your boss will measure your performance based on how well you
achieve them. If you're not sure which goals to work toward, then listen carefully for
any initiatives your boss wants accomplish and work your boss's agenda. Find ways
you can use your skills and expertise to help your boss reach his or her goals. This
not only demonstrates self direction, it makes your boss's job easier which is always
a good idea. Being self-directed is a choice. The more self-directed you are, the more
likely you will succeed in your IT Security career. Next, let's talk about your desire to
learn. In the IT Security field one thing is certain. Change. Technology is in a constant
state of flux. This, in turn, leads to changes in security controls and standards. That's
why there's always more to learn as a security professional, even if your job is highly
specialized. You'll still need to learn new versions of hardware and software and how
to keep them secure. You might even need to learn about the security implications
of brand new technologies. Like Cloud architectures and the Internet of Things. If
you don't have that desire to keep learning, you'll quickly fall behind the times. Your
knowledge will grow stale and you'll no longer be as valuable to your employer. To
advance in your career, you need to at least stay current. If you stop learning you'll
stop growing. One of the benefits of constantly learning is it helps you stay ahead of
the technology curve. Your employer will probably expect you to give a quick
assessment when technologies change and how these changes will impact security. If
you've already learned about these pending changes, you'll have formed an opinion
and you won't be caught off guard. This means you'll be in a better position to help
your organization react swiftly to emerging threats. Your desire to learn and being
self-directed will be valuable traits that will help you succeed in your IT Security
career.

Collaboration and working well with others

- [Instructor] It's not unusual to see job listings for security professionals which
include the phrase works well with others. You may recall that same phrase from
grade school days. Clearly, the need for people who work well with others is truly
timeless. Almost all IT security jobs involve working on a team, so understanding the
value of teamwork is important if you want to succeed in this career field. You can't
expect to go it alone and have long-term success as an IT security professional. For
instance, if you're responsible for remediating security vulnerabilities you'll need to
collaborate with the owners of the systems which have the vulnerabilities. You won't
be able to just patch the vulnerabilities without coordinating with them because that
could create downtime for their systems. You'll have to work with the system
owners to first demonstrate that the patches are important and need to be
installed, and then to coordinate a time that works with both of you to get the
patches deployed. Another collaboration example is if you are a security manager
and you need to write the security policies for your organization. You can't just
create any policies you want in a vacuum, you'll need to work with the other
managers to ensure that the policies match what the organization is willing to
do. Writing effective policies that an organization will actually comply with is
definitely a team effort. You'll also need to know how to interact with others when
situations aren't going your way. Be tactful with others, even if you know they're
wrong and you're right. Overreacting to a situation that could be resolved quickly, if
handled calmly, can cost you your job. Strong teams work together to do what needs
to be done to reach a common goal. Collaborating and working well with others are
skills worth developing, because they not only help your team achieve its
objectives, they will make your job easier.