The demand is there for IT professionals specializing in security. According to Meta Group research, one in five IT positions involves networking professionals, and budgets for security are growing 25 percent each year, a trend that will continue for at least the next three to five years.

But what does it take to get a position like that, and what is the profile for success? How can you pave a path to this hot security job?

A Secure Profile

The manager of network security combines technical and risk-management expertise with strong business knowledge. It's essential to understand the organization's LANs, WANs, phone systems and remote equipment. The security professional needs to be versed in state-of-the-art encryption technologies, such as PKI (public key infrastructure), Web screening techniques and cross-platform authentication. He or she also needs to be able to discriminate among the features in vendors' offerings, as well as to analyze product pricing.

But the job is so much more: Being effective in this role means possessing a keen sense of what is strategically important to the organization. If the company is a sales organization dependent on CRM (customer-relationship management) applications, for instance, a hacker or network failure could wipe out its business. Sales depend heavily on making sure firewalls and other security measures work. In this case, the manager of network security must communicate regularly with business managers, sales division heads and the CRM program management office, as well as with IT, to understand applications and business processes, and to ensure effective risk management. Those demands mean that interpersonal skills are a must, as is the ability to manage a team.

The manager of network security also needs to take on a project-management role. The responsibilities of that role include setting up and enforcing policies, determining risks to equipment and systems, prioritizing security maintenance and managing failures. The security manager must develop a disaster recovery plan and ensure adherence to regular testing and monitoring. While most security managers typically have staff to assist in these tasks, the buck ultimately stops with the manager.

Got What It Takes?

If you're considering this type of position, you will first need to analyze your own profile: What skills do you possess that apply to network security? Do you have the experience in the required technologies, such as encryption and password administration? Do you have project-management experience? If you haven't held the title of project manager in a previous job, what related experience do you have? For example, you would be a candidate for this type of job if you have supervised an equipment rollout that required extensive coordination between business people and technical colleagues.

The key is having the combination of skills necessary for network-security project management. These skills include technical knowledge of security systems as well as competencies in written and verbal communications, understanding business needs, experience working with customers and vendors, and analytical and problem-solving abilities. This position also requires the ability to make presentations to senior staff as well as to peers.

Once you've assessed your skills and experience, you need to determine how you stack up. A matrix approach, such as that used by many human-resources organizations, works well. Now you can take steps to address any missing or lacking skills. This should be done with feedback from your current manager and HR staff. If you need training, use all the internal resources at your disposal. The challenge here is that some organizations sponsor only technical training and won't fund any that is not directly job-related. But to move up the hierarchy, all IT professionals need an understanding of business requirements, industry knowledge and "soft" skills such as communications and presentation. These abilities historically have not been developed by IT organizations nor by computer-science and engineering-training institutions. You must take the initiative.

Cultivating Contacts

Aside from keeping technical skills hot, the best way to ensure career development is to maintain good relationships with current and former supervisors and colleagues. Communicating desires and expectations to management is critical: The boss can't move you along if you don't tell him or her your career plans and goals. If you're in a junior position, this means keeping tabs on the performance objectives and steps required to move on to the next position; this strategy will also put you on the path to becoming a manager of network security. This process requires you to keep an updated job profile, entering information about current tasks and assignments into a department or corporate skills database. Or maintain your own version of a skills profile.

The most effective way to leverage the career ladder is to establish and maintain good relationships with individuals who know your work and will be able to recommend you for a new position. This can take some effort. But a personal referral by a respected person holds more credibility than other types of references.

Maria Schafer directs human capital management research at Meta Group, an information technology research and advisory services firm based in Stamford, Conn. Send comments on this article to her at careers@nwc.com. For information on Meta Group's IT Staffing and Compensation Guide, go to www.metagroup.com/humancapital.