In addition to the usual host of technical skills, working in IT security demands a lot of creativity. You not only need to figure out some ingenious ways to patch flaws in code, but also place yourself in the mindset of potential attackers, in order to assess system-wide vulnerabilities.
Those who manage to climb to the upper ranks of security management generally boast some combination of the following skills:
- Management, because they need to rally teams of engineers
- Communication, because they need to clearly explain dangers to executives
- Negotiation, because they need to obtain resources for security
- Adaptability, to keep up with how tech is evolving
There’s also the need for extreme foresight, especially once a tech pro reaches the upper echelons of their company’s security hierarchy. “Essentially I live five years in advance,” Trent Adams, PayPal’s head of ecosystem security, recently told The Verge. “I’m projecting essentially the next few steps out and planning for them as opposed to reacting to what’s going on today.” You plan for the future, he added, and “build toward it.”
That forward-thinking impulse isn’t unique to any one area of tech. Software and hardware developers often need to think a few years beyond their products’ current iterations, especially if they want to stay ahead of evolving competition. In similar fashion, security experts need to know what interests the world’s black-hat hackers, when it comes to tools for breaking into systems.
As security experts climb the ranks, there’s also an increased emphasis on “soft skills.” One of the reported reasons why Target suffered such a massive data-breach in 2013 was management’s failure to respond to its security team’s warnings. Building solid relationships with executives outside of the company’s tech silo is a good way for a highly placed security expert to ensure that warnings get heard.