Certification is key to cash in on growth in IT security

What is it?

Security is one of the fastest growing areas of IT employment. In 2005, the number of IT security professionals worldwide grew by 9% to 1.4 million - almost twice as fast as the rate of growth in other IT professions - according to a study for IT security body (ISC)2.

The study, conducted by analyst company IDC, predicted that by 2009 there would be 1.9 million people in the IT security industry.

Employers are devoting more than 40% of their IT security budgets to personnel, including salaries and training. They put a premium on recruiting personnel with a security certification, but providers of IT security services are struggling to find suitably qualified candidates.

"Consequently, opportunities await those individuals looking to enter into an information security career," IDC said.

Several organisations offer supplier-independent training. Outside the US, IDC said, international security training certificates are preferred.

IT suppliers such as Cisco and Microsoft also provide accreditation for specialists in secure use of their products.

Where did it originate?

A 1970s paper from the US Department of Defense - Security Controls for Computer Systems - marked the move away from thinking about computer protection purely in terms of the hardware to include people, data and communications. The Information Systems Audit and Control Association (Isaca) launched the first IT security qualification in 1979. The International Information Systems Security Certification Consortium - (ISC)2 - was founded in 1996.

What makes it special?

The IDC survey found certification was a way for professionals to differentiate themselves in an increasingly competitive market - an argument that has been used to sell a lot of dubious IT qualifications. The leading certificates are recognised by bodies such as the International Standards Organisation.

How difficult is it to master?

Given the fast-changing nature of the threats, and of the role, maintaining accreditation is a continuous process. More than 60% of those interviewed by IDC planned to add a further IT security certificate to their portfolios within the next 12 months. Most practitioners are graduates. Around 90% are male, although that is slowly changing. Most have worked for several years within IT before specialising in security.


Overview of training, development and qualifications http://scripts.bcs.org/sfiaplus/scty-skill.htm

Isaca's certified information systems auditor and certified information security manager courses www.isaca.org

The certified information systems security practitioner and systems security certified practitioner qualifications from (ISC)2 http://www.isc2.org

Details of the BCS's exam-based certificates www.iseb.org.uk

The Sans Institute's global information assurance certifications www.sans.org, www.giac.org

(ISC)2, Isaca and the Sans Institute have news and resources on their websites. Look for UK chapters of these organisations, although the websites indicate that they are less active than the international offices.

Rates of pay

Security analysts with qualifications such as CISSP can look for £30,000 to £40,000. With experience, this rises to £70,000-plus.

