In today’s globally networked environment, we are wide open to security threats. A computer security breach is no longer a question of whether, but when.
Without doubt, the demand for information security professionals continues to grow by the day.
Even with adequate experience, your resume needs something quantifiable and verifiable to show employers you have the expertise they need.
Positions in many large corporations worldwide require relevant certifications, and professionals with the right credentials have a higher earning potential and better career opportunities.
Some of the fast emerging career options in the industry are
Areas of interest vary from person to person. Acquiring the right certifications goes a long way in validating your knowledge and giving you credibility. More importantly, it makes a statement about who you are and how serious you are about your career.
It is important to note that each certification comes at considerable cost, and care should be taken to decide which certifications would add value to your chosen line of work.
Information Security Management (ISM)
General IT skills are quite important. Certifications such as Network+ from the Computing Technology Industry Association (CompTIA) and the Cisco Certified Network Associate (CCNA) provide a good foundation in networking, and the Microsoft Certified Systems Engineer (MCSE) will help you understand operating systems better.
Hands-on technical expertise is required for handling network security, penetration testing, vulnerability assessment, application security testing and computer forensics.
For general security practitioners, a good entry-level certification is the Security+ certification from CompTIA. This can be followed by the Certified Ethical Hacker (CEH) from the International Council of Electronic Commerce Consultants (EC-Council), which is the first step in network security.
For handling security audits, certifications like Certified Information Systems Auditor (CISA) from the Information Systems Audit and Control Association (ISACA) and international standards such as ISO 27001 (ISMS) come in useful.
For defining security policies and procedures and managing enterprise-level information security, certifications like Certified Information Systems Manager (CISM) from ISACA and Certified Information Systems Security Professional (CISSP) from the International Information Systems Security Certification Consortium (ISC)² help establish the right credentials.
For those who wish to specialize in computer forensics, Computer Hacking Forensic Investigator (CHFI) from EC-Council or the GIAC Certified Forensics Analyst (GCFA) from SANS Institute would prove useful.
The most recognized certification, considered the gold standard for general security practitioners, is the CISSP. It requires candidates not only to demonstrate knowledge of the 10 domains of information security but also to have a minimum of four years of direct security experience.
One of the most important criteria for a career in information security is experience. Most professionals start as network specialists, systems administrators or programmers, gain experience and knowledge, and then make the transition to a full-time security position. It is essential to gain the necessary exposure and skills to succeed in information security.
Information Technology Service Management (ITSM)
The entry-level certification is ITIL Foundation, followed by the Intermediate Modules for Service Capability and Service Lifecycle, which need to be topped up with a Capstone course to become an ITIL Expert.
ITIL Experts are usually responsible for helping organizations adopt the ITIL framework, which helps the organization plan for ISO/IEC 20000 (ITSM) certification.
Any organization involved in service delivery and support is required to adopt ITIL and obtain the ISO/IEC 20000 certification to maintain a competitive edge.
Governance, Risk & Compliance (GRC)
Any organization that aspires to be listed on global stock exchanges such as NASDAQ is required to ensure better governance, with more transparency and control over financial reporting, as per the Sarbanes-Oxley (SOX) Act.
Certifications such as Control Objectives for Information and related Technology (COBIT), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) from ISACA add tremendous value for individuals who aspire to a career in GRC.
Our recommendation
Step 1
Get some entry-level certifications such as Network+, Security+, CEH and ITIL, and obtain practical work experience.
Step 2
Plan for higher-level certifications such as CISA, CISSP, CISM and COBIT that are suitable for management roles.
Step 3
Specialize in your area of interest.
Continuing education is the key to keeping your career recession-proof.