Careers in Information Security Management

Network / Systems Administration
What you should be aware of

Security Fundamentals | Access Control | Ethical Hacking
Network Security | Identity Management | Social Engineering
Operations Security | Cryptography | Penetration Testing
Application Security | Database Security | Vulnerability Assessment
Threats | Data Security | Countermeasures
Vulnerabilities | Data Backup | Secure Internet Access
Virus | Restoring Backup | Internet Filtering Software
Trojans | OS Hardening | Digital Certificate
Worms | Windows Administration | Digital Signature
Spyware | Windows Registry | File Transfer Protocol
Adware | Boot Sector Virus | Incident Response
Keylogger | Corrupted Registry | Port Scanning
Phishing | Desktop Security | Packet Sniffing
Spamming | Denial of Service | Password Cracking

Suggested certifications: Network+, Security+, MCSA, MCSE, MCP, CCNA, CCNP
Certifying organizations: CompTIA, Microsoft, Cisco

Network / Application Security Assessment
What you should be aware of

Network Security Testing | Cryptography | Ethical Hacking
Web Application Security Testing | Public Key Infrastructure | Social Engineering
Operating System Security | Data Encryption Standard | Penetration Testing
Patch Management | Advanced Encryption Standard | Vulnerability Assessment
Perimeter Defense | Directory Traversal | Countermeasures
Reconnaissance | Code Analysis | Digital Certificate
Footprinting | Code Injection Attack | Digital Signature
Enumeration | Cross Site Scripting | Steganography
Google Hacking | Cross Site Request Forgery | System Hacking
Identity Theft | Metasploit Framework | Session Hijacking
Malware | Privilege Escalation | Man in the Middle Attack
Keystroke Loggers | SQL Injection | Password Cracking
Firewall Architecture | Threat Modeling | Wireless Sniffers
Intrusion Analysis | Threat Profiling | Wireless Traffic Analysis
IDS / IPS | Denial of Service | Wireless Security Layers
Unified Threat Management | Distributed Denial of Service | Wireless ARP Poisoning

Suggested certifications: Security+, GISF, CEH, GPEN, GWAPT, GAWN, CWNA, CWSP
Certifying organizations: CompTIA, EC-Council, SANS

Incident Response & Computer Forensics
What you should be aware of

Electronic Evidence | Data Acquisition and Duplication | Incident Response
Digital Forensics | Event Correlation | Cyber Crime
Digital Media | File Recovery Tools | Cyber Law
Intrusion Analysis | File Signature Analysis | Cyber Warfare
IDS Architecture | Hash Analysis | Live Response
Intrusion Prevention System | Image File Forensics | Security Incident Report
Security Monitoring | Mobile Forensics | Investigation Process
Network Traffic Analysis | Network Forensics | Operating System Forensics
Log Capturing | Windows Forensics | Kerberos Authentication Process
Log Analysis | Windows Registry Analysis | Denial of Service
Packet Decode | Signature Analysis | Email Fraud
Intruder Footprints | Static Analysis Process | Steganography
False Positives | Emergency Response Team | Unified Threat Management

Suggested certifications: Security+, CEH, GPEN, CHFI, GCFA, GCIA, GCIH, GREM
Certifying organizations: CompTIA, EC-Council, SANS

Information Security Management
What you should be aware of

CIA Triad | Security Practices | Asset Management
Network Security | Security Policy | Asset Valuation
Operations Security | Security Strategy | Risk Assessment
Physical Security | Security Architecture and Design | Privacy Laws
Access Controls | Security Roles and Responsibilities | Regulatory Compliance
Identity Management | Information Security Controls | Risk Evaluation
Software Development Security | Information Security Framework | Risk Management
Database Security | IS Program Development | Risk Mitigation Strategies
Cryptography | IS Steering Group | Information Risk Management
Source Code Security | Enterprise Security Requirements | Configuration Management
Threat Modeling | Enterprise Governance Framework | Incident Management
Penetration Testing | BCP / DR | Problem Management
Vulnerability Assessment | System Resilience | Service Level Management
Telecommunication Security | Computer Crime Investigation | Cost Benefit Analysis

Suggested certifications: Security+, GSEC, CISSP, CISM, ISMS
Certifying organizations: CompTIA, SANS, ISACA, ISC2, IRCA

For specific information on the various certifications and their prerequisites, visit our training synopsis on Information Security Management.

The first step in choosing a career in Information Security Management (ISM) is to determine your area of interest within information security:

  • Do you want to focus on securing code?
  • Or is your interest more in computer forensics?
  • Or in handling security audits of networks and systems?
  • Or being a security researcher who identifies vulnerabilities in products or applications?
  • Or a security consultant who implements international standards such as ISMS?

Certifications can be a great help, since you will learn a lot about information security and also validate your knowledge of the domain.

Those interested in security should first pursue certifications that will help them gain general IT skills.

Network certifications such as Network+ from the Computing Technology Industry Association (CompTIA) and the Cisco Certified Network Associate (CCNA) will help provide a good foundation of general network knowledge on which to build the security skills.

In addition to network certifications, for those who wish to work with Windows operating systems, the Microsoft Certified Systems Engineer (MCSE) can be very useful.

For general security practitioners, a good entry-level certification is the Security+ certification from CompTIA. It provides the basic knowledge required for securing a network, and is slowly gaining popularity and recognition. The GIAC Security Essentials Certification (GSEC) from SANS Institute is also good for representing broad security knowledge.

Perhaps the most recognized certification for general security practitioners is the Certified Information Systems Security Professional (CISSP) from the International Information Systems Security Certification Consortium (ISC)2. This certification is highly recognized and respected in the security community, since it requires candidates not only to demonstrate knowledge of the 10 domains of information security but also to document at least four years of security experience.

A thorough understanding of every one of these domains is not required, so this is a good certification for anyone interested in the security field; even if you wish to specialize in a particular area, the wide range of knowledge it covers is beneficial.

For those interested in more specific security certifications, SANS Institute and EC-Council offer many highly regarded options. The GIAC Certified Penetration Tester (GPEN), Certified Ethical Hacker (CEH), GIAC Certified Forensics Analyst (GCFA), GIAC Certified Incident Handler (GCIH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA) each provide more detailed coverage of a particular area of information security.

The Information Systems Audit and Control Association (ISACA) offers the Certified Information Security Manager (CISM), a certification for those interested in managing and overseeing enterprise-level information security, and the Certified in Risk and Information Systems Control (CRISC), a certification for those responsible for managing business risk for enterprises and capable of implementing appropriate IS controls.

A good understanding of how to implement international standards such as ISO 27001 Information Security Management Systems (ISMS) is considered quite important for those aspiring to a career in information security.