Cybersecurity managers are advanced-level IT professionals who have worked their way up through the ranks to take on responsibilities in leadership and management. Typically, they have boots-on-the-ground experience with security risk assessment and remediation, computer forensics, incident response and network security; with all this experience and more, they’ve reached a point in their career where they’re ready to manage teams and execute strategies.
Are you considering taking the next step in your career? Or perhaps you’re new to the cybersecurity field and you want to get an idea of what your long-term career plan will look like. In either case, considering a job as a cybersecurity manager is a solid option.
The demand for qualified leaders in this growing field only continues to rise as cybersecurity becomes increasingly important. Between September 2017 and August 2018, there were 14,320 job openings for cybersecurity managers. That’s an extremely promising number for future cybersecurity leaders!
If all this sounds good to you, stay tuned and take a look at the rest of this article. We’ll do a deep dive into what it means to be a cybersecurity manager and go through a few pointers on how to become one. All of this information and more is available through the CyberSeek Cybersecurity Career Pathway tool, a free resource for information security professionals.
What is a cybersecurity manager/administrator?
Cybersecurity managers have risen through the ranks of entry- and mid-level jobs to manage a team and handle higher-level strategies. Your company relies on you to prevent security breaches by knowing the IT systems inside and out. Instead of doing the hands-on work, your role is to hire, train and direct the staff who performs those tasks.
As a cybersecurity manager, you will be primarily responsible for:
- Managing a team of technicians, analysts and auditors
- Creating strategies for audits and security protocols
- Executing policies and procedures for corporate computer security
As you can see, being a cybersecurity manager is a lot less about hands-on security work and more about directing the people who work in those roles. You also play a huge role in ensuring the company doesn’t fall victim to hacking, breaches or cybercrime.
If a breach does take place on your watch, you’ll likely lead a forensic investigation to determine exactly what happened and identify weak spots in the system that your team will have to patch. To best anticipate and stop attacks, cybersecurity managers are expected to stay on top of emerging trends in cybersecurity. Current, up-to-date knowledge is power when going head-to-head with cybercriminals who are always looking for a weakness to exploit.
Common job titles
Job titles for cybersecurity managers may vary from company to company and differ based on the role’s specific duties. Common job titles for cybersecurity managers include information security manager, security administrator, information systems security officer, information security officer and information systems security officer.
How much does a cybersecurity manager/administrator make?
Cybersecurity managers can expect to make around $115,000 on average. This number is an average based on online job openings from September 2017 through August 2018.
Keep in mind that your salary will vary based on a couple of key factors. Your work experience and education will have the biggest impact on your salary: The more years of experience and credentials you have under your belt, the more money you can expect to make.
Where you live and work can also influence your salary. Jobs in cities with high cost of living, such as New York or San Francisco, will usually (but not always) come with a higher salary than less pricey areas.
Last but not least, the company you choose to work for will also have an impact on your salary. Some companies will have more money to offer cybersecurity managers than others. Startups or non-profits, for example, may have less money to work with than larger companies or corporations. Websites like Glassdoor can be helpful for learning more about salary expectations at a particular company.
Education, certifications and skills
Education: Having at least a bachelor’s degree is highly recommended for this career track. According to CyberSeek, 68% of job listings for cybersecurity managers want to see a bachelor’s degree. Keep in mind that an additional 24% of job postings would like to see a graduate degree. Since this is a high-level position, having an advanced education that combines information security with business principles will be an asset to you.
Top certifications: This far along in your career, employers expect to see a range of certifications that demonstrate your skills and knowledge of the field. The most common certifications employers want their cybersecurity managers to have are:
Top skills: Cybersecurity managers need to have a deep understanding of core technical skills in addition to business acumen and management principles. According to CyberSeek, the following technical skills are the most sought-after among cybersecurity managers:
- Information security
- Information systems
- Information assurance
- Linux, network security
- Project management
- Vulnerability assessment
- NIST Cybersecurity Framework
- Security operations
On the management and leadership side, CyberSeek recommends having a grasp of the following:
- Executive cyber leadership
- Acquisition and program/project management
- Cybersecurity management
- Legal advice and advocacy
- Strategic planning and policy
- Training, education and awareness
Career pathways for cybersecurity managers/administrators
Cybersecurity management is an advanced-level career you can reach by following one of several different career paths. Naturally, you’ll have to advance from entry-level through mid-level jobs before you’re qualified to work as a cybersecurity manager.
Most cybersecurity managers are promoted from mid-level jobs as either cybersecurity analysts or cybersecurity consultants. The least compatible background for becoming a cybersecurity manager, according to CyberSeek, is penetration and vulnerability tester.
Not all cybersecurity managers come from mid-level careers. Some may instead transfer into the role from a different advanced-level career. CyberSeek shows that both cybersecurity engineers and cybersecurity architects can move into higher-level management or administrative roles. As you can see, you have a few different paths for reaching a cybersecurity manager position.
Common NICE cybersecurity workforce framework categories
Cybersecurity is a complex and growing field, so the National Initiative for Cybersecurity Education (NICE) created a helpful framework to organize cybersecurity jobs by core duties and technical skills. For each job in the CyberSeek tool, you can do a deep dive into which NICE skill clusters are associated with each role. Here’s what it has to say about cybersecurity managers/administrators:
Click on each skill heading in the Career Pathways tool to explore a (very, very extensive) drop-down list of core competencies for cybersecurity managers.
Conclusion: What are the next steps?
Are you ready to ascend to a leadership position? If you’ve diligently worked in the cybersecurity field for some time, are skilled at managing employees and are excited by enacting strategies to protect your company’s information security, then this might just be the role for you. As a seasoned leader, you’ll be driving the business’s efforts to keep out hackers, scammers and cybercriminals.
So what are your next steps? First, you should check out the CyberSeek Cybersecurity Career Pathway page and explore everything there is to learn about cybersecurity managers/administrators. Next, take a look at opportunities to learn advanced cybersecurity skills through certification programs.
- Cybersecurity Career Pathway, CyberSeek
- 9 Critical Responsibilities Of The Cybersecurity Manager, BitSight
- Cybersecurity Manager Career Guide, Florida Tech
- Responsibilities of an Information System Security Officer, Chron