What does an IT security manager do?
IT security managers need a passion for learning and critical thinking skills, as well as an understanding of intrusion prevention and detection.
Enterprise cybersecurity departments are led by well-trained and highly educated cybersecurity managers. They lead teams of IT professionals whose job is to keep the business IT infrastructure safe and to prevent sensitive data from falling into the wrong hands.
Cybersecurity managers are equal parts technologist and manager. They must be conversant in modern security software, protocols, practices and regulations. They must also have managerial skills to work across departments and interact with upper management.
What skills and knowledge does a cybersecurity manager need?
Skills for cybersecurity managers fall into two categories: hard skills and soft skills. Hard skills relate to technology, while soft skills are managerial. Both skill sets are necessary to be a good manager.
Hard skills include the following:
- Intrusion detection and prevention. This is central to the task of cybersecurity. Successful security practitioners must be able to operate an intrusion detection system and identify any suspicious traffic or activity on the network.
- Identity and access management. Managers need to know best practices for identity and access management. They must ensure that the security policy demonstrates an acceptable use for various roles and responsibilities within the organization.
- Security incident handling and response. Security practitioners must be able to handle the complete threat spectrum and compliance with the organization's security policies or standard security practices. Threats include DDoS attacks and different types of malware, such as viruses, ransomware and malware delivered via phishing.
- SIEM. Security managers must be able to analyze SIEM tools and services. They must be able to create automation with the SIEM tool and create incident response plans based on real-time analysis from alerts.
- Audit and regulatory compliance. Well-rounded security practitioners must be able to conduct thorough reviews of the organization's adherence to regulatory guidelines. Regulations include HIPAA, Federal Information Security Management Act, Sarbanes-Oxley Act, PCI DSS and GDPR. Failure to adhere to regulations could result in significant fines and penalties.
- Application security development. Managers should have a good working knowledge of the test and QA phase of internal development. These skills are highly vertical and best left to experts in the field; however, a good working knowledge of finding, fixing and preventing vulnerabilities in homegrown applications can't hurt.
Soft skills include the following:
- Leadership. Managers are expected to lead and set an example for those under them. Showing understanding of issues, whether it's configuring a firewall or talking compliance with the CISO, inspires confidence. The ability to build and maintain relationships with stakeholders across the organization is a must.
- Communication. Managers must be able to communicate complex technical concepts in a clear and concise way to stakeholders who are less technically skilled.
- Passion for learning. The threat and compliance landscapes are forever changing, so security managers must stay on top of the latest trends, technologies and security challenges.
- Collaboration. Cybersecurity is about shared responsibility across the organization. Security managers can't and don't work in isolation. Managers need to make sure security policies are not only in place, but followed by all departments.
- Critical thinking. To combat bad actors, security managers need to think like them. A good defense to fight hackers is necessary, but a good offense can solve a problem before it becomes one.
What are a cybersecurity manager's responsibilities?
Cybersecurity managers' technical work falls into two categories: monitoring and maintenance. Here are some of those tasks:
- Monitor all operations and infrastructure. This includes regularly examining security alerts and checking logs.
- Monitor internal and external policy compliance. This ensures that both employees and vendors comply with risk management policies.
- Monitor regulatory compliance. This is especially important in highly regulated industries, such as finance and healthcare.
- Manage security tools and other technologies used to secure the network. Managers must conduct regular audits of policies and controls to make sure they are being adhered to.
- Keep security on the radar of the C-level executives. This is necessary so security remains a budget and strategic priority. Managers shouldn't assume C-levels are watching security issues. They have a lot to follow.
- Keep up on technological developments. The cybersecurity landscape is constantly changing. Managers must constantly evaluate new technologies and policies and be prepared to implement new systems and policies.
- Work with different departments. The security department does not work in isolation. Managers will likely be tasked with working across many departments in an organization to get everyone on the same page.
- Manage resources. Cybersecurity managers need the right mix and number of employees, along with the right technologies, to run a successful department.
- Mitigate risk from attacks by adapting strategies to new attack styles. This includes routinely auditing business practices to keep cybersecurity strategies moving forward rather than letting them become outdated and ineffective.
How to become a cybersecurity manager
The educational and training requirements to be a cybersecurity manager can vary depending on the employer and the level of security and expertise required.
Most employers require at least a bachelor's degree in cybersecurity, computer science, IT or a related field. In addition to a formal degree, cybersecurity certifications can also be a requirement. These might include the following:
- Certified Information Systems Security Professional (CISSP).
- Systems Security Certified Practitioner (SSCP).
- Certified Ethical Hacker (CEH).
- Offensive Security Certified Professional (OSCP).
- CompTIA Security+.
If you wish to advance to cybersecurity management, then obtaining a master's degree is highly encouraged. The Cybersecurity Guide website lists 75 master's programs from around the nation. It includes online courses from schools such as University of California, Berkeley; Virginia Tech; Arizona State University; and Washington University.
There are also online learning organizations that offer recognized and accredited programs in cybersecurity. These are not college degree programs, but they do offer certificate programs that are helpful for cybersecurity professionals of all levels. Programs include CISSP and Information Systems Security Management Professional.
How much does a cybersecurity IT manager make?
The job recruiting site ZipRecruiter puts the average salary for a cybersecurity manager at approximately $128,000 per year, with $44,000 on the low end and $192,000 on the high end. Glassdoor puts the range at $106,000 to $180,000, with a median salary of $138,000 at top consultancies such as Accenture and PwC.
That's a slight increase over the average 2022 salary of $117,580 per year.
ZipRecruiter puts Federal Way, Wash., as the best-paying city for cybersecurity managers, at $155,440, followed by Santa Clara, Calif. ($152,694), San Francisco ($152,269) and Washington, D.C. ($149,200).
What is the job outlook for cybersecurity managers?
The Bureau of Labor Statistics projected information security job growth at 32% annually from 2022 to 2032, with about 16,800 job openings per year for the foreseeable future.
The reasons for growth are multiple: the increased reliance on digital formats, all of which need to be protected; the ever-increasing sophistication of security threats and threat actors; and the increasingly severe consequences for security breaches, including penalties, loss of reputation and lost business.