## What the role is really about
A Security Manager owns a 5-10 person function (most commonly a SOC, AppSec, or GRC team). The hardest transition is psychological: stop being the best individual contributor on the team, start making the team better than you.
Your day shifts from triaging incidents and shipping detections to 1:1s, hiring loops, runbook reviews, vendor escalations, and quarterly OKR planning. Engineering instinct still matters — you must be able to call out a bad detection or a flimsy threat model — but you no longer ship.
## What you're measured on
- **Team output**: tickets closed, MTTD/MTTR, detection coverage, audit findings closed
- **Team health**: attrition, on-call burnout signals, hiring velocity, internal promotion rate
- **Operational maturity**: runbook coverage, post-incident review cadence, on-call rotation fairness
- **Cross-functional**: SLAs with IT, engineering, legal, GRC
## The leadership readiness lens
When CyberActive grades you for this rung, we look at five dimensions:
1. **Team leverage** — can you describe a system you built that made the team faster?
2. **Operational maturity** — do you measure what matters, not what is easy?
3. **Hiring judgment** — can you articulate your bar, your loop, and your last bad hire?
4. **Conflict handling** — have you managed an underperformer through to either improvement or exit?
5. **Comms clarity** — can you brief your director in 3 bullets, not 30?