Infosecurity analysis is being called the top IT job of the year. Information Security asked Rick Van Luvender, president of InfoSec Academy, what's making security the top job specialty and how someone can get in on the action.
Challenger, Gray and Christmas named infosecurity analysis the hottest security job for 2003-2004. What's making it so hot?
Businesses are increasingly reliant on information systems to function and, as a result, on skilled professionals who are capable of protecting the infrastructure from known and unknown threats. Companies are investing more in people with skills that will offer proactive protection, rather than having to rush to bring in the people after the event.
What security skill sets are employers seeking?
Generally, the most sought skills can be divided into two categories: the managerial-level security professional and the security-practitioner level. On the managerial level, the International Information Systems Security Certification Consortium's CISSP is the gold standard certification, which demonstrates a security professional's mastery of (ISC)²'s Common Body of Knowledge. CISSP holders are typically capable of balancing an enterprise's security needs with its business practices.
The practitioner level can be divided further between vendor-specific and vendor-neutral skill sets. An individual with the MCSE security certification is quite capable of implementing a secure Microsoft network, whereas those holding vendor-neutral certifications, such as CompTIA's Security+, can implement security through generally accepted best practices. Beyond the foundation level there are also vendor-neutral specializations that a practitioner can pursue, such as ethical hacking, computer forensics and wireless security.
How important are security certifications?
Security certification aids prevention and strengthens an enterprise's defenses by teaching how to envision, plan and implement necessary procedures before attacks occur. Businesses need to take certifications more seriously. Equally, infosecurity certification vendors should require continuing education or periodic recertification to reinforce the skills the certifications validate.
Are enterprises grooming infosecurity professionals internally or hiring skilled people externally?
On a practitioner level, it makes more sense to take a current employee who has vendor-specific knowledge, who is also a known entity within the organization, and build on that good foundation with the additional security skills.
Managerial positions are more likely external hires, since they require additional skills, technical knowledge and experience.
How does one get into infosecurity?
Infosecurity training validated by a certification exam is one of the best ways to show potential employers that you have attained a certain level of knowledge.