Information Security

Defending the digital infrastructure


Get started Bring yourself up to speed with our introductory content.

Q&A: Starting a new career in cybersecurity

InfoSec Academy President Rick Van Luvender discusses why starting a new career in cybersecurity is a good bet, and how to best go about doing it.

Infosecurity analysis is being called the top IT job of the year. Information Security asked Rick Van Luvender, president of InfoSec Academy, what's making security the top job specialty and how does someone get in on the action.

Challenger, Gray and Christmas named infosecurity analysis the hottest security job for 2003-2004. What's making it so hot?

Businesses are increasingly reliant on information systems to function and, as a result, skilled professionals who are capable of protecting the infrastructure from known and unknown threats. Companies are investing more in people with skills that will offer proactive protection, rather than having to rush to bring in the people after the event.

What security skill sets are employers seeking?

Generally, the most sought skills can be divided into two categories: the managerial-level security professional and the security-practitioner level. On the managerial level, the International Information Systems Security Certification Consortium's CISSP is the gold standard certification, which demonstrates a security professional's mastery of (ISC)²'s Common Body of Knowledge. CISSP holders are typically capable of balancing an enterprise's security needs with its business practices.

The practitioner level can be divided further between vendor-specific and vendor-neutral skill sets. An individual with the MCSE security certification is quite capable of implementing a secure Microsoft network, whereas those holding vendor-neutral certifications, such as CompTIA's Security+, can implement security through generally accepted best practices. Beyond the foundation level there are also vendor-neutral specializations that a practitioner can pursue, such as ethical hacking, computer forensics and wireless security.

How important are security certifications?

Security certification aids prevention and strengthens an enterprise's defenses by teaching how to envision, plan and implement necessary procedures before attacks occur. Businesses need to take certifications more seriously. Equally, infosecurity certification vendors should require continuing education or periodic recertification to reinforce the skills the certifications validate.

Are enterprises grooming infosecurity professionals internally or hiring skilled people externally?

On a practitioner level, it makes more sense to take a current employee who has vendor-specific knowledge, who is also a known entity within the organization, and build on that good foundation with the additional security skills.

Managerial positions are more likely external hires, since they require additional skills, technical knowledge and experience.

How does one get into infosecurity?

Infosecurity training validated by a certification exam is one of the best ways to show potential employers that you have attained a certain level of knowledge.

Article 11 of 12
This was last published in November 2003

Dig Deeper on Information security certifications, training and jobs

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All