Get with IT

Information security leaders - the CSOs, CISOs, and IT directors and managers - play a critical role in today's businesses. From safeguarding intellectual property, to protecting sensitive customer information, to managing internal IT controls in support of ever-growing industry and government regulations, information security leaders have a lot on their plates.

One thing I have discovered over the years, both as an employee and as a consultant, is that some information security leaders are highly successful in leading their cause while many are not. I suspect you have noticed this as well. All other things being equal, such as executive support for security initiatives, employee awareness and so on, there are specific personality traits and leadership skills that are essential for success. Here are the most important:

1. Tons of common sense

Information security leaders who have a practical eye for what really works and what does not, from both a procedural and a technical perspective, are the ones who succeed. Leaders who are strictly theoretical and work by the book, believing that firewalls, encryption and other fancy vendor-pitched solutions are all that is needed, are ultimately the ones who fail.

Successful information security leaders make informed decisions. They do not believe everything they hear. They realize that reasonable and practical security documentation, technical controls and organization-wide awareness of the risks involved with IT are really what make up information risk management.

2. Ability to sell

Information security leaders who can sell the importance of security to their executives and employees are the ones who succeed. They possess a passion for what they believe and are able to motivate others through mild persuasion. They know that human actions are motivated by two things: 1) the desire for gain, or 2) the fear of loss. This does not mean they operate based on fear; rather, they educate themselves on the risks involved. Leaders who operate on fear, uncertainty and doubt force safeguards in the name of information security without keeping the end goals in mind. They sell security based strictly on ROI and theoretical calculations of risk, which hardly ever works in the real world.

Successful information security leaders focus on selling security to others in terms of both the end-user experience (convenience and usability) and the business overall (what it will buy and protect the business from long-term).

3. In touch with technology
