The Transition From a Technical Position to a Management Role

My next step into the managerial role was towards Information Security, where ACLs and NMAPs were not part of the vocabulary AT ALL. A simple analogy: think of Google maps, when you search for your street. At 50m (200 feet) distance, you can clearly see your street name, the junctions and the color of the roofs. From 500m (2000 feet), street names disappear and now you just have a blurry view of the details, however your placement in neighborhood start to become clearer, as does your vision of the “big picture”. This is where I struggled to accept my new reality: The details (or the HOW) were gradually vanishing from daily tasks, being replaced by a better understanding of security within the organization (WHY).

Information Security Management - Big Picture

One thing is worth mentioning though: you never “unlearn” something in the process of becoming a manager; instead a new set of “knowledge priority” is built in your mind.

To be an accomplished leader, you should be comfortable with certain soft skills. Stop for a moment and answer the following questions with sincerity:

–         Do I feel comfortable standing in front of a crowd of Senior Managers and presenting results/findings?

–         How skillful am I influencing my team/peers to do the tasks required to achieve a goal?

–         Would I be happy giving up (partly, but sometimes entirely) my hard earned technical sharpness to become a leader?

–         Would I be able to cope with high-level report preparation instead of the hands-on activity I performed in the past?

Needless to say that not all management roles require the skills above, but the higher you go on the ladder, the higher these skills will be required from you.

After reading all this, sitting in a manager’s chair doesn’t seem that easy anymore, right? But now let’s look at it from the bright side:

Imagine a professional with a non-technical background (i.e. financial) becoming an IT manager (have you seen it happening before? :)). Perhaps this person already has the soft skills you lack right now, but how easy would it be for him/her to get the grasp about the IT technicalities? Believe me: it takes several years to build a solid technical foundation, whereas the soft skills will be gradually absorbed throughout your career from the beginning, so by the time you accept the managerial role, you already have a reasonable idea on how to manage. Being a Brazilian citizen I see it happening everyday in our football clubs: players becoming coaches, with a considerable rate of success. I’m sure that will be your case too!

Furthermore, as a technical person moving into management, your role in the organization will likely be to effectively bridge the gap between those involved in the business aspect of the company and those holding down the IT security jobs.

Finally, you should make sure that you do not micromanage just because you used to hold an IT security career and you miss it or think you can do it better than your team members. Learn how to sit back and let your people do their IT Security jobs as long as they are performing them effectively and interfere only when you absolutely have to. And the most important advice of all, don’t fear being incapable of acting as a manager. Life is a constant change and it’s up to us to improve ourselves by opening up our minds and accept new challenges. If you plan right, perform regular self-assessments and keep a positive attitude you’ll be better able to savor the good meals at the fancy restaurants. Bon appetite! 🙂

-Adriano Dias Leite

Pages: 1 2

Filed Under: ArticlesCertificationsFeaturedFrom me to youFront PageJob MarketMy careerNews


RSSComments (16)

Leave a Reply | Trackback URL

  1. Ramboo says:

    Very nice article Adriano, its everyone’s feel during the transition. We cannot be technical lifelong, because of the new technology changes most frequently.

    Moving to management makes to lose our hardly earned technical knowledge and hands on experience.

    I am on the confusion phase,either to move to management from technical or not.

    Also have a plan to move to management where a team works on my technical skills.

    Please suggest.

  2. Mahendra says:


    A very nice article! Very well explained and written. It helped me validate my thoughts about switching to a management profile. Thank you!

    I am sure you make an excellent manager.



  3. Mugu says:

    I am not intresting in reading that much.. but your topic and the way you have connected things are really good and made me sit down and read the complete article.

    Good article 🙂

  4. Adriano, interesting post and, yes, some vocations have a definite food pyramid structure with very few fat cats at the top. One way to get into management: start your own company!

  5. Miguel Mena says:

    Good stuff Thanks!!!

  6. Sir Thinkalot says:

    Hello Prague Knight, i’m very please that this thing is going very well.
    I remember how it started about a few years ago, and now a huge success, well done 🙂

  7. harvesting boy says:

    This is one of the best articles on this site – thank you for sharing with us. I check every month to watch and you never let us down you do a fantastic service for the community, thumbs up keep it up.

  8. Mauricio Zuccolotto says:

    Great article!

    IMHO, An experienced manager from another field (such as Administrative) could be a good ITSEC Manager, but the one who had a techie field exp that improved the admininstrative/people skills during time could be a great one!
    The one who will not be fooled by techies or suppliers as well as be seen as a point of reference of knowledge.

    Congrats Adriano.

  9. […] preparation for an interview (regardless whether you are a senior professional going for your first managerial role or just starting your Infosec career), and my plan is to update it on a regular basis with further […]

  10. One thing I’ve seen stand in the way of many technical people is their belief that the technology exists for its own sake; they don’t see the business that they work for and they don’t understand the business needs that dictated the expenditures on the technology. If you don’t see the business needs for the technology then you are not going to see the business needs for the right level of security and you’ll never show the company that you are management material.

    The best management material I’ve seen are the people that understand the depth of the ISO 27000 series standard and how much more it is then just technology. Sure, probably about 60% of the material is related to the technology, but that isn’t because it is the most important only that it is the most complicated! Look at the standard and understand how people, facilities, services, and environmental aspects fit into the total security package. Know how to handle risk management (not just risk assessment) and how to handle risk through acceptance, transference, transformation, and avoidance as well as mitigation … unfortunately the “too technical” folks only thing about mitigation!

  11. shobha says:

    Thanks for the good article. I am in the transition phase now and looking forward showcase required soft skills to climb the ladder.

  12. […] the original post: The Transition From a Technical Position to a Management Role — My … Share and […]

  13. Chris says:


    This was a well written article that mirrors my own experience with moving through engineering to management. I think the point that MD was trying to make is that many organizations require management to be part of the technical team as well, being a senior engineer as well as having to take on the responsibilities of dealing with Human Resources, career development / mentoring, etc.

    Good read, thanks!

  14. MD says:


    Hands-down to your point about the higher you get in the ladder the less technical your functions become(for the most part). In addition to that, someone ends up spending more hours dealing w/ more pressure and crucial responsibilities. Thus, I am getting to phase where it makes more sense to have my own business(as you mentioned) as least whatever effort/energy you dedicate it’ll impact your business directly rather than someone else.
    Keep up the good work w/ posting security articles and btw I am big Brazil soccer fan and will definitely cheer for Brazil in 2010 WC 🙂

  15. MD says:


    Very good article which contains some useful tips (thanks for sharing). One point would like to make that there are some few security fields and jobs that combine both technical and managerial responsibilities (of course that also depends on the organization you work for). In my case (for example) I have been working in IPTV/VOIP field for few years and not only it’s great field to get into, it approaches security from both technical and managerial perspectives, which makes it always a live and full of new challenges.

    • Hey MD, thank you so much for your comment and for reading the article!
      Indeed, there are cases where you can wear both hats, but as I mentioned in the article, the higher you climb into new levels, the lower you contact with the bits and bytes. That’s kind of natural and should be enjoyed, not avoided.

      As for the job you currently hold, that’s the best of two worlds. Hopefully someday I’ll open my own company and give myself 50% time in either side! 🙂