- 70% of employers worldwide consider professional certification one of the major competencies they look for, alongside good communication skills.
Industry sectors today are driven by information. Because of this, information-dependent corporations seek information security officers with the right education, experience and training. Professionals with a thorough understanding of business processes, systems and security are in great demand. An information security professional is also expected to be able to evaluate information-specific risks and develop strategies to mitigate them.
Finding effective IT security professionals has become a challenge in the developed nations.
Although the responsibilities of an information security professional vary with the size and structure of the organization, these are some of the chief expectations:
Responsibilities of an IT Security Professional
- Serve as the organization's point of contact for security matters
- Advise and update top management on security issues
- Perform regular formal and informal risk assessments
- Conduct regular audits of information systems facilities
- Maintain business continuity and disaster recovery plans and be ready to invoke them
- Ensure that the internal security awareness program is conducted regularly for users at every level
The position of information security officer (ISO) requires professionals with education and training as well as management skills.
Educational Requirements for an IT Security Professional
- A degree in computer science, computer engineering, or management information systems is required.
- In terms of experience, thorough knowledge of operating system administration and data communications is a must.
- Professional certifications such as Certified Information Systems Security Professional (CISSP) and/or Global Information Assurance Certification (GIAC) are also expected. Networking and operating system certifications, such as MCSE or UNIX certifications, can be a further boost.
Certifications and education alone do not guarantee a career as an ISO, because expertise develops only through experience. Climbing the information security ladder requires the following experience and skills:
Experience for an IT Security Professional
- Four to five years of experience as a system administrator of e-mail and web servers, data management systems and file servers.
- Experience maintaining firewall, VPN and PKI services.
- Familiarity with information security audit tools, both commercial scanners and open source tools.
- Proficiency in understanding malicious code.
An ISO should be able to assess the strength of an organization's information security systems.
Top Certifications for ISOs
Organizations are now willing to pay top dollar for professionals who get certified in IT security. A small review of job boards and interviews with IT recruiters in 2013 suggests that the following are the top five certifications in IT security:
- CISSP – Widely regarded as the gold standard in IT security certifications, CISSP gives a broad overview of the profession. It is mandatory for all information security professionals at Crowe Horwath (USA). The U.S. Department of Defense Directive 8570.1 recognizes this credential and requires government and contract personnel in information assurance roles to hold an approved certification such as CISSP.
- CISM – The Certified Information Security Manager certification from ISACA is in demand in organizations focused on accountability, the business aspects of security and governance. Professionals who can identify and mitigate risks are the most sought after. CISM is especially beneficial for individuals who plan to grow into senior management positions.
- GIAC – The GIAC family of certifications is especially valued in the areas of forensics, incident handling, malware reverse engineering and intrusion detection. GIAC suits professionals who want to carve out a niche career for themselves.
- Certified Ethical Hacker (CEH) – This certification is gaining popularity among organizations that need experts to perform penetration testing and web application testing to verify the security of their infrastructure. It is especially beneficial for entry- to mid-level professionals.
- Vendor Certifications – These include the Cisco Certified Network Associate (CCNA), the Check Point Certified Security Expert (CCSE) and the Microsoft Certified Systems Engineer (MCSE). Demand for these certifications is growing continuously, and employers now seek vendor certifications for most entry-level positions.
However, certifications can never substitute for on-the-job experience; they are only a good way to gauge a candidate's proficiency. An effective ISO should have detailed insight into all aspects of information security.