Tuesday, March 17, 2015

How Can An IT Director Become a Director of Information Security?

Question from a Security Recruiter Blog Follower

Jeff, what advice would you give to an IT Director who is looking to move laterally into a role such as Director of Information Security?

This is a tough question to answer because there is no single answer.  What I’ve seen over the years is that IT people who are in the right place at the right time in the right company have been tapped on the shoulder to take on new responsibilities.

If you’re an IT Director who has some exposure to information security technology, one idea that comes to mind is to consider certification in the areas of information security where you are beginning to build expertise.  Perhaps SANS certifications might be helpful.

As soon as you’re able to earn one, the CISSP certification is the one that the marketplace knows more than any other information security certification.  I hate to say this but from a check box standpoint, the way too many companies still hire, the CISSP on your resume will draw some attention and will enable you to enter some interview doors that will not open without the certification.

If you haven’t already, you should express to your boss that you would like to take on information security projects.  This is probably an easier discussion to have it you report to a CIO or CTO than if your boss is someone outside of IT. 

Unless you’re lucky enough to be in the right place at the right time when a new position is created and it is given to you or your Director of Information Security leaves and you’re tapped on the shoulder to take on the role, you may have to take several side steps towards your goal rather than making one single leap.

SecurityRecruiter.com's Security Recruiter Blog