Security directors hold some of the most desirable positions in their industry. They oversee many security developments and decisions within organizations and play an important role in protecting personnel, customers, and sensitive information.
According to IBM, the average cost of a data breach was $9.44 million in the U.S. in 2022. These breaches also took an average of 277 days to identify and contain. To handle these threats, cybersecurity directors need a sufficient amount of education, preparation, and professional development.
This guide explores the necessary steps to become a security director. We look at the required training, experience, and credentials, along with the best resources to help aspiring directors land employment.
What Is a Security Director?
Security directors typically take charge of organizations' cybersecurity needs. Their responsibilities may include designing and developing security systems, creating and managing incident response processes, and overseeing the security staff and budgets.
Security directors may work under different titles, such as information security analysts, information security managers, or chief information security officers. Depending on their organizational structure, directors may report to higher security personnel, a technology executive, general management, or the stakeholders.
Cybersecurity directors monitor and analyze security threats to identify potential risks and vulnerabilities. They may also need to provide input on business and tech decisions affecting cybersecurity efforts.
Required Education for Security Directors
The education requirements for security directors vary by role and organization but usually include a bachelor's degree at minimum. With a four-year degree in computer science or cybersecurity, graduates can pursue entry-level IT jobs and work their way to director positions.
A master's degree can accelerate the path to becoming a security director. Many positions, especially jobs in large organizations that require extensive leadership input, may require master's-level credentials. In general, master's degrees may lead to higher salaries and more growth opportunities.
Professionals can also improve their qualifications with experience and noteworthy credentials. Bootcamps, for example, provide specialized practical training that many employers value. Many security professionals pursue bootcamps as continuing education to keep their skills and training up to date.
Required Experience for Security Directors
Professional experience is one of the most important qualifications for security directors. Each organization maintains specific experience requirements, but security directors typically have at least five years of cybersecurity experience. Relevant jobs may include information technology or cybersecurity specialists, analysts, or lower-level management positions.
In some cases, an advanced degree may reduce the experience requirements. These programs often include leadership training, advanced security expertise, and extensive internships that can substitute for lower-level experience. Postgraduate bootcamps and certificate programs may have a similar impact.
Internship Opportunities
- CISA Cyber Internships: The Cybersecurity and Infrastructure Security Agency runs summer internship programs for current students and graduates. Paid internships allow students to complete mission-focused projects and attend industry conferences.
- NSA Cybersecurity Programs: The National Security Agency offers several paid summer internship programs for cybersecurity students, including cybersecurity directorate programs. The 12-week programs tackle actual missions and problems handled by the NSA.
- Department of Homeland Security Cybersecurity Internship: The DHS has a 10-week paid cybersecurity internship program in Washington, D.C., for IT students. The program has participants identify and analyze various threats in real-world missions.
Required Certifications for Security Directors
Certifications validate and promote a specific level of industry experience, education, and expertise. While not mandated across the board for security directors, many employers prefer or require certifications, such as ISACA's certified information security manager or the certified information systems security professional from (ISC)².
These credentials typically require a combination of experience, education, and examination. Candidates usually pursue certifications after working in the field to advance or set themselves apart from their peers. Certified professionals often need to maintain their credentials with continuing education.
How Do I Become a Security Director?
The steps to becoming a security director vary but usually include earning a bachelor's degree and gaining professional experience. Some employers require graduate degrees or specific certifications, though professionals can pursue these steps after entering the field.
Prospective cybersecurity professionals often complete general computer science programs at the undergraduate level. Schools may offer cybersecurity-related specializations, electives, or internships to help learners focus their training. Other useful disciplines may include computer forensics or information assurance.
In addition to education and credentials, aspiring security directors typically need sufficient cybersecurity and leadership experience. Depending on the employer, this may be 5-10 years in positions relating to creating security technologies and processes, identifying and managing threats, and reporting on cybercrimes.
Steps to Becoming a Security Director
Small to Mid-Size Organizations
- Earn a bachelor's degree: The most relevant bachelor's degree for security directors likely comes from the information technology field, such as computer science. A cybersecurity or information assurance specialization will provide additional career support.
- Complete an internship: Many bachelor's degrees include internships in the second half of the program. These programs provide on-the-job practical training, plus mentorship and employment opportunities.
- Acquire an entry-level position: Graduates with bachelor's degrees in IT can pursue jobs in technical support or systems administration. These roles allow professionals to build the technical expertise needed for the next stages of their careers.
- Gain cybersecurity and leadership experience: After gaining entry-level experience, professionals can move into the cybersecurity sphere. Here, they can learn about cybersecurity practices and regulations, along with the processes for developing security systems and managing threats.
Large Organizations
- Earn a bachelor's degree.
- Complete an internship.
- Pursue a master's degree: In a master's program, students can tackle advanced topics in cybersecurity. They may specialize their coursework or develop skills in threat detection and analysis, penetration testing, and systems development. They may also complete extensive research and internships.
- Gain cybersecurity and leadership experience.
- Obtain professional certifications: After completing the necessary education and experience, cybersecurity professionals can get certified in various areas. Certifications validate the professional's capabilities in the field and establish them as leaders in these areas.
Should You Learn How to Be a Security Director?
The answer to this question depends on the individual, but there are many rewarding reasons to become a security director. As reliance on computer systems increases, cyberthreats become more detrimental. As a result, security directors play an essential role in protecting the evolving landscape.
To handle security challenges, organizations need regular monitoring and protection, systems maintenance, and adherence to cybersecurity regulations and policies. Security directors with strong interpersonal, problem-solving, and leadership skills can handle these responsibilities.
The interconnectedness of organizations and technology means that many business decisions require increased cybersecurity efforts. Security directors' involvement in decision-making processes can prepare them for executive roles in technology, such as the chief information security officer and chief technology officer.
The Job Hunt
The job search process for a security director position can take on many forms. Some professionals advance within their organizations by responding to internal postings. Others need to apply through job boards like those listed below.
Job-seekers can improve their chances of finding these open positions by attending job fairs, working with mentors, and joining professional organizations.
Professional Spotlight: Courtney Totten
What prompted your journey to become a security director?
I sort of fell into cybersecurity years ago. I started as a technical leader, and on my first day on the job, there was a server breakdown. This event led me to develop a disaster recovery and business continuity plan.
From there, I just kept diving deeper into various areas of cybersecurity, including security operations, project management, incident response, security awareness, product security, and cyberengineering. I moved laterally throughout my career and spent time learning different disciplines.
When I was promoted to the cybersecurity director position, I had spent time in each area of cybersecurity and understood the challenges and opportunities that each team faced. Sometimes, moving horizontally is the best way to move up.
If you work in a particular industry, what prompted this choice and/or how did it evolve?
The U.S. government's mission to advance its interests and protect its citizens is what drove me to this industry. Federal, state, and local government agencies have a clear mission to protect the country's and citizens' data from getting into the hands of threat adversaries. That mission is very clear to me and one that makes me excited to come to work every day.
What educational path did you take to become a security director?
I did not follow the typical education or certification path that many people follow in cybersecurity today. When I entered the workforce 20 years ago, there were no cybersecurity degrees. I was a Business Management major, and I started out in the project management space.
Once I got into cybersecurity, I spent time learning and shadowing cybersecurity experts. I sat with them and asked a lot of questions so I could understand what they were doing. I would say learning on the job was the best experience for me. It is important to be a lifelong learner in this field. I still spend time asking questions from my team, vendors, and customers to expand my skills.
Did you have to pass any certifications or tests to enter the field or progress in your career?
I pursued management certifications, including the project management professional and information technology infrastructure library v4 foundations certifications, early on in my career to get into cybersecurity project management.
Now, there are a lot of certifications individuals can pursue if they are interested in a cybersecurity career, such as the CompTIA Sec+. I would also highly recommend getting an internship, even if you have the education and certifications. There is nothing like getting hands-on experience and learning from the experts who do this daily.
What advice do you have for individuals considering becoming a security director?
Ask questions, develop relationships, and move laterally are my advice. No one knows it all in this industry. Lean on your team of experts. After all, it is why you hired them. Create relationships with your peers outside of your organization to have partners, especially when things go sideways.
Also, spend time moving laterally and learn a day in the life of your team members' shoes. If you move vertically in one area of cybersecurity, you could miss key elements of the other areas.
There are numerous job roles in cybersecurity, including in governance, risk, and compliance; security architecture; cyberengineering; security operations; risk assessment; threat intelligence; and identity management. Be comfortable with moving horizontally before moving up — it can create a phenomenal leader.
What do you wish you'd known before becoming a security director? (Any high and low points worth mentioning?)
Cybersecurity is 24 hours a day, seven days a week, 365 days a year. Be ready to take a phone call at 2 a.m., for example. Many threat adversaries work while we are sleeping. If something happens in the middle of the night, it is imperative that you are aligned to the mission and have the passion to get up, get on the call, and figure out a plan.
Always be ready for a cyberincident. Always make sure you practice, so when the event occurs, everyone is prepared to jump on the call and work through the incident.
Courtney Totten is the General Dynamics Information Technology (GDIT) Shared Services CISO and senior director of cloud, infrastructure, and cybersolutions for federal, state, and local government agencies. Totten is a seasoned information technology and cybersecurity leader with 15+ years of experience in various roles across cloud, infrastructure, and cybersecurity.
She has supported the commercial industry at General Electric and Thomson Reuters, as well as the government with GDIT and Booz Allen Hamilton. Totten has a bachelor's degree in business management from Virginia Tech and resides in Richmond, Virginia, with her husband and two children.
Questions About Becoming a Security Director
- How do you become head of cybersecurity at a company?
  Every path is different, but professionals often need at least a bachelor's degree and five years of experience to become security directors. Some organizations may have more advanced requirements, such as a master's degree or industry certifications.
- Do you need a degree to become a security director?
  Yes. Security directors typically need a computer-related degree at the bachelor's or master's level. While a specialized cybersecurity program provides the most relevant training, an information technology or systems management program can also work well.
- How long does it take to become a director of security?
  The time it takes to become a security director varies with each individual and position. In most cases, these professionals need at least four years for their degree and five years for experience. Additional time may be needed for a master's degree, bootcamps, or certifications.
- Is it hard to become a cybersecurity director?
  Yes. Cybersecurity directors need to meet strict requirements and may face fierce competition for these desirable roles. Candidates can demonstrate their skills and expertise by pursuing industry certifications.