It’s unusual for information security professionals to work in a group that directly generates revenue instead of being a cost center. Many find working within a cost center hard, in part because when it is time to cut costs, infosec budgets are among the first to go. Product management provides an opportunity for infosec pros to work in a profit center for a change. (There are others, such as consulting and sales.)
From my perspective, the primary goal of product management is to define product capabilities and drive product adoption. Sometimes this view on product management is called product development.
- Defining product capabilities entails working closely with customers to understand and anticipate their needs. It also requires understanding the company’s strengths and weaknesses related to the market as well as the competitive landscape.
- Driving product adoption involves those steps that help the product find its way to its consumers. This usually requires the need to understand the company’s channel and partnerships, unless the product is sold directly. It also involves regular customer interactions and some aspects of marketing.
In the world of information security, a product might be a hardware gadget, such as a network tap, a piece of software such as an anti-malware tool, or a service, such as a managed security offering. Sometimes it is a combination of these categories.
Here are the type of tasks a product manager might be asked to perform to support the objectives outlined above:
- Define a strategy for the product’s evolution to support business and customer needs.
- Create specifications, prioritize requirements and maintain a roadmap of the features being developed.
- Manage the process of making the product available to customers.
- Act as a subject matter expert for the product’s capabilities in pre and post-sales discussions.
- Collaborate with the engineering team building the product to clarify requirements and specifications.