Infoworld was running an article on "How great IT security leaders succeed". I said earlier that it's a question of attitude, and I find myself confirmed, time and again. But Infoworld has also this to say: "In fact, many CISOs who do have technical skills contend that the knowledge often leads to them getting tied down in too many operational decisions and projects [...]."
I have seen this time and again. I have seen security managers who single-handedly managed their company's security architecture (a great ability to have but it comes at a price). I have seen security managers who were expected by their company to guarantee the integrity of every single setting on any single computer (neat, but losing the big picture). I have seen security managers who were issuing patch advisories with an "Executive Summary" (that would contain the major technical details).