There are two major (and overlapping) areas that I recommend you look into: professional services and compliance. These are by far the two fastest-growing segments. More and more companies are outsourcing portions of their security practice in an effort to reduce costs. Additionally, many companies are using outside consulting firms to shore up information security weaknesses. This is especially true of the software development side of the business, where expertise in secure coding and testing is still hard to find internally. The CISSP certification has become part of the hiring criteria for many of the larger consulting firms, so that should at least be a foot in the door.
As compliance regulations like HIPAA, GLBA and SOX have emerged, they have driven huge growth in the information security field. While they have all caused the audit and security industry to grow extensively, not one has done more than the Payment Card Industry Data Security Standard (PCI DSS). PCI is not only one of the most in-depth security-oriented regulations to date, but it is also one of the most complex. As a result, it has driven a truly impressive volume of security hardware and services purchases.
Large organizations require regular audits of their configurations, processes, policies etc., but because of PCI's complexity, an entire industry of advisors has come to the fore whose sole job is to help clients interpret the regulations to ensure they will pass their audits. As a result, this is another area that should provide a rich hunting ground for a job search.
- Learn more about becoming an information security expert.
- Which certificate offers the best ROI for an IT project manager? Read more.
This was first published in December 2008