What is it?
Security is one of the fastest growing areas of IT employment.
In 2005, the number of IT security professionals worldwide grew by
9% to 1.4 million - almost twice as fast as the rate of growth in
other IT professions - according to a study for IT security body
(ISC)2.
The study, conducted by analyst company IDC, predicted that by
2009 there would be 1.9 million people in the IT security
industry.
Employers are devoting more than 40% of their IT security
budgets to personnel, including salaries and training. They put a
premium on recruiting personnel with a security certification, but
providers of IT security services are struggling to find suitably
qualified candidates.
"Consequently, opportunities await those individuals looking to
enter into an information security career," IDC said.
Several organisations offer supplier-independent training.
Outside the US, IDC said, international security training
certificates are preferred.
IT suppliers such as Cisco and Microsoft also provide
accreditation for specialists in secure use of their products.
Where did it originate?
A 1970s paper from the US Department of Defense - Security
Controls for Computer Systems - marked the move away from thinking
about computer protection purely in terms of the hardware to
include people, data and communications. The Information Systems
Audit and Control Association (Isaca) launched the first IT
security qualification in 1979. The International Information
Systems Security Certification Consortium - (ISC)2 - was founded in
1996.
What makes it special?
The IDC survey found certification was a way for professionals
to differentiate themselves in an increasingly competitive market -
an argument that has been used to sell a lot of dubious IT
qualifications. The leading certificates are recognised by bodies
such as the International Standards Organisation.
How difficult is it to master?
Given the fast-changing nature of the threats, and of the role,
maintaining accreditation is a continuous process. More than 60% of
those interviewed by IDC planned to add a further IT security
certificate to their portfolios within the next 12 months. Most
practitioners are graduates. Around 90% are male, although that is
slowly changing. Most have worked for several years within IT
before specialising in security.
Training
Overview of training, development and qualifications
http://scripts.bcs.org/sfiaplus/scty-skill.htm
Isaca's certified information systems auditor and certified
information security manager courses www.isaca.org
The certified information systems security practitioner and
systems security certified practitioner qualifications from
(ISC)2 http://www.isc2.org
Details of the BCS's exam-based
certificates www.iseb.org.uk
The Sans Institute's global information assurance
certifications www.sans.org,
www.giac.org
(ISC)2, Isaca and the Sans Institute have news and resources on
their websites. Look for UK chapters of these organisations,
although the websites indicate that they are less active than the
international offices.
Rates of pay
Security analysts with qualifications such as CISSP can look for
£30,000 to £40,000. With experience, this rises to
£70,000-plus.