Skip to main content
POST ATLAS
RoleCybersecurity

Security Manager

1:1s, vendor calls, board updates, budget, security as a people-and-strategy job.

The verdict

First real leadership seat in security. Take it deliberately, the move from senior individual contributor to manager isn't a promotion, it's a different job.

Pick this if
  • You'd rather spend your week on people and budget than on detections
  • You can hold a performance conversation without flinching
  • You can defend headcount and tooling spend to leadership credibly
  • You enjoy mentoring more than building
Skip this if
  • You took the title only because IC progression dried up
  • You can't bear vendor meetings and quarterly reviews
  • You'd resent stepping back from the technical work
What "doing well" looks like in the seat
  • Your team's attrition is below market
  • Your budget asks succeed more often than they fail
  • Your team's outputs improve quarter on quarter without your direct involvement
  • You can answer a board question on coverage and risk without bluffing
The bit you're probably underestimating

The first year is harder than people expect. You'll inherit a team you didn't pick, a budget set before you arrived, and a backlog of expectations from above and below. The technical credibility you built fades faster than you'd like, and the management muscle takes longer to grow than you'd like. Plan for a steep first eighteen months. The managers who make it past that point usually stay in leadership for the rest of their careers.

Tradeoffs at a glance

Hover any chip for the calibrated meaning. Ratings are directional, not absolute.

Promotion ceiling

Director / CISO; ceiling is business communication, not technical depth.

Who actually gets in
  • +Senior SOC / IR
  • +GRC
  • +Security architect
Common misconceptions
  • That management is a promotion. It's a different job, and many great ICs hate it.

Where this leads

  • Director of Security
  • CISO
  • GRC Lead

Certifications people pair with this

Listed because the graph connects them to this role, not because you need all of them. Most practitioners pick one or two.

Pathways that pass through here

The serious next step

You've read about the role. The harder question is whether it's the right one for you.

A Career Verdict is the written, practitioner-authored call on your specific route into and out of this role. Six primitives, same format every time.

Plateau zone
The flat year nobody warns you about, named and timed.
Reality vs Fantasy
Your actual five-year curve against the one you've been sold.
What to sit and what to skip
Each cert on your list: useful, optional, or skip, with reasons.
The call
A single written judgment on whether your plan holds up.
Tradeoff spectrum
What you're giving up for what you're choosing, plotted.
Decisive factors
The two or three things that will actually make or break this.
See what a Career Verdict looks like£25 · one verdict, yours to keep

Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.

All roles