This paper analyzes and assesses the most critically important management skills for security managers, with particular attention to the competencies that enable progression to Chief Information Security Officer (CISO) roles. The analysis examines cross-functional coordination, the development of trust as an organizational accelerator, and the balance of technical "hard" skills with interpersonal "soft" skills. The paper further explores how exceptional security managers transition into transformational leaders, discussing four key leadership attributes (individualized consideration, intellectual stimulation, inspirational motivation, and idealized influence), along with the role of Emotional Intelligence in sustaining high-level CISO performance.
The role of security managers and their progression to Chief Information Security Officers (CISOs) is often shaped by a broad base of experiences, expertise, and skills, as well as the continual development of management and leadership competencies. The intent of this analysis and assessment is to define the most critically important management skills for security managers, including those most critical to establishing a solid foundation for attaining a senior management position as a CISO in an enterprise (Whitten, 2008). What most differentiates those who progress from security manager to CISO is the ability to interpret situations and conditions, assess relative levels of risk, and continually learn new techniques, technologies, and concepts pertaining to security and leadership. Those who attain CISO roles progress beyond management and become transformational leaders of the professionals in their departments. It is the intent of this analysis to provide a multifaceted view of the baseline skill sets required for security managers to excel in their roles, followed by an assessment of the foundations that enable security managers to ascend in organizations as transformational leaders, including insights into how CISOs maintain a high level of managerial and leadership performance.
The multifaceted nature of a security manager's role includes cross-functional skills and the ability to immediately interpret the many responsibilities they carry. The functional areas integral to a successful security strategy are numerous and critical: they include in-depth analysis of the law and its interpretation; analysis of preventative health and safety requirements within the enterprise; thorough planning for healthcare and safety from a strategic standpoint; and extensive planning for fire prevention and emergency response. All of these considerations must be integrated into a strategic security plan implemented across an enterprise and its many locations. The role of the security manager as cross-functional coordinator of these tasks often propels professionals in this role to continually seek additional insight into each area of the company they are tangentially responsible for. There is also the ongoing challenge of ensuring that each relationship with other departments remains at an optimal level, with a high degree of coordination and clearly defined objectives.
Security managers vary significantly in their ability to manage departmental synchronization and fulfill the role of cross-functional leader. Those who succeed in the many tasks that comprise cross-functional leadership often have the ability to create and sustain trust across organizational boundaries (Francis, 2003). The highest-performing security managers build strong trust-based relationships through reciprocation and the development of effective lines of communication, while also establishing shared goals and objectives (Beugré, Acar, & Braun, 2006). Taken together, these attributes allow high-performing security managers to transform trust into an accelerator, creating a highly effective foundation for cross-functional collaboration. Rather than relying purely on coercive or formal authority, the most successful security managers use trust as a strong foundation for future growth (Purvanova & Bono, 2009). They seek to create coordinated ownership of each facet of enterprise security management, and in doing so develop a far more effective framework for achieving strategic security plans and initiatives.
This ability to turn trust into a galvanizing force is what makes it possible to unify highly dissimilar areas (such as preventative health programs, safety programs, risk management, business continuity planning, and disaster planning) under a coherent strategy (Whitten, 2008). Security managers who successfully create this level of shared task ownership quickly move beyond the traditional roles of planning, organizing, leading, and controlling.
Exceptional performance as a security manager is also predicated on the ability to balance IT security policy, provide predominantly transactional managerial guidance (which often includes rewards and incentives), and create a continual foundation of knowledge sharing and security education throughout the enterprise (Sudhakaran, 2011). These factors are critical to a security manager's ability to expand their role beyond merely sustaining (or, in some cases, barely enforcing) security policies. With trust as the catalyst and accelerator, the highest-performing security managers accomplish significantly more in far less time than their less trusted counterparts (Beugré, Acar, & Braun, 2006).
What also emerges from an analysis of exceptional security managers is their strong orientation toward communication skills, skills that often exceed their systems and IT training, and in many cases surpass their investigative experience. The ability to successfully balance the hard skills of IT, security planning, and execution with the "soft" skills of communication, management, and intuitive trust-building over time forms the foundation of an excellent career in security management (Sudhakaran, 2011). Empirical studies also indicate that the highest-performing security managers seek to align each aspect of IT, healthcare, fire prevention, and risk management with the overriding strategic initiatives of the enterprise (Warrick, 2011). They are further able to situationally select and apply the appropriate combination of hard skills (such as IT security management and advanced security breach analysis) with soft skills such as vendor relations and the continual reinforcement of trust as a core leadership foundation.
Exceptional security managers who can situationally assess and then plan for legal, health, safety, risk, and disaster preparedness challenges have a higher probability of being promoted into senior roles over time. As security managers progress into CISO roles, their perception of time and risk often shifts: tactical problems demand faster responses, while planning horizons become longer (Whitten, 2008). This dichotomy in how CISOs view time as a limited resource can create decisions that seem urgent to senior leaders but are misread by security managers lacking that long-term perspective. The multifaceted nature of a security manager's role can become a career constraint if the manager does not take initiative in developing their own career plan (Warrick, 2011). Across the empirical studies forming the basis of this analysis, "soft" or difficult-to-quantify factors have consistently proven more important to the long-term performance and career progression of security managers (Whitten, 2008). The ability to create and sustain trust remains the most valuable attribute a security manager can cultivate as they selectively apply techniques, technologies, processes, and procedures across an organization to ensure security and stability, while also contributing to the attainment of broader strategic goals.
Security managers who progress beyond sustaining an organization to leading it often become CISOs. This progression (from maintaining and accomplishing security strategies to defining them and creating a compelling security vision for an enterprise) is often predicated on their ability to become transformational leaders (Krishnan, 2004). The progression to transformational leadership is one of the more difficult aspects of any security manager's career to quantify, yet paradoxically it is the most important.
Exceptional security managers quickly progress beyond the constraints of planning, organizing, leading, and controlling in the context of security strategies, and instead seek to create a foundation of trust. This foundation acts as a powerful catalyst throughout their careers as they progress toward senior CISO roles. Over the same period, the "soft" skills accumulated through experience bridge the gaps created by rapidly changing technological advances in security, making organizations more effective and resilient. Understanding how to develop these competencies, both technical and interpersonal, is therefore essential for any security professional with aspirations of reaching the highest levels of organizational leadership.