Perhaps you haven’t completed any study specific to security, or perhaps you’ve been reminiscing about that elective you did at university called ‘Cryptography and Security’; either way, the options for continuing education are growing for technologists working in IT security.
The (ISC)2 CISSP
Perhaps one of the best-known non-university certifications is the globally recognised Certified Information Systems Security Professional (CISSP). Created by the International Information Systems Security Certification Consortium (ISC)2 and accredited under the ANSI ISO/IEC Standard 17024:2003, its content is fundamentally based on confidentiality, integrity and availability.
Formally recognised by a number of federal government agencies, the CISSP encompasses ten domains of security and requires:
- at least five years direct full-time security experience
- a written exam, consisting of 250 questions and lasting approximately 6 hours. The pass mark is 70%
- the acceptance of the CISSP Code of Ethics
- a number of questions relating to criminal history and related background
- the confirmation of another CISSP member
A number of Australian groups meet to help candidates study for the CISSP exam. The Australian Information Security Association (AISA) schedules volunteer-led study meetings which help candidates prepare for the exam. These 2-hour study sessions run once per week for the three months leading up to a scheduled exam. A CISSP certification lasts for two years.
Many security and networking vendors offer certifications which relate directly to the design, implementation and management of security infrastructure and software. These include the Cisco Systems ‘CCIE Security’, the Juniper Networks JNCIE, the Check Point Certified Master Architect (CCMA), the Symantec Certified Specialist (SCS), the IBM Certified Advanced Solutions Expert - Security Software Solutions and Services, and the McAfee Strategic Security Education.
Each of these certification courses includes a syllabus covering security concepts but focuses on the vendor’s specific technology. Many vendor exams can be done online, and do not always require proof of hands-on experience.
Many security technologists see vendor certifications as necessary to get a pay rise or out-certify other candidates during the job interview, but don’t see all vendor certifications as adding to their professional development. To address this need, a number of associations offer Continuing Development Programmes (CDP).
The Australian Computer Society has been running the Certified Professional (CP) programme for a number of years and requires a member to demonstrate 30 CP hours in a twelve-month period. CP hours can be logged in a number of ways; however, structured activities such as lectures, workshops, seminars, and distance learning courses are the most popular.
Recently, the System Administrators Guild of Australia signalled their intention to create a CDP specific to System Administrators and will launch the programme in September at their annual conference.
Post-graduate University Courses
The number of post-graduate courses at Australian universities has grown to meet the demand of IT professionals. Courses are offered as full time, part time, and as part-time distance learning. Charles Sturt University (known for its excellent distance learning courses) offers a number of programmes including the Master of Information Systems Security. Accredited by the Australian Computer Society (ACS), this course requires the completion of 12 subjects, generally structured over 2 years.
Another option is the RMIT Information Security and Assurance – Master of Applied Science. This post-graduate course covers network infrastructure security, Advanced Encryption, biometrics and IT risk management on a two-year full-time or four-year part-time basis. This course includes some programming and mathematics subjects, and is structured for a technical security professional with past study in computer science or engineering.
SANS and the Global Information Assurance Certification (GIAC)
Founded in 1999, GIAC was built to validate the skills of information security professionals with hands-on courses, intensive week-long training sessions and a number of SANS training events each year. Currently GIAC offers six areas of study: Software Security, Security Administration, Management, Legal, Forensics and Legal.
With a strong online community and a great deal of online content (almost 1800 white papers are available online, regularly updated), SANS offers those wishing to enhance their security knowledge an opportunity to work at their own pace through an enormous number of topics and technologies.
The next SANS event will be held in Brisbane and offers three GIAC training courses: Advanced Security Essentials; Hacker Techniques, Exploits and Incident Handling; and Computer Forensic Investigations.