Like all IT professionals, information security experts know that they need qualifications to further their career.
Choosing a qualification can be tricky, because information security is a complex, multidisciplinary field. People rarely plan their career in detail, and given the ever-changing technical environment, most of us struggle to predict our career beyond the next few years.
IT Governance is aware that there is a considerable shortage of people with cyber security skills, and we’re helping people fill the skills gap and enter the field. A career in cyber security is becoming increasingly attractive, with plenty of job opening and opportunities to progress into senior roles.
The spirit of our campaign is summed up by one of our customers, who said:
“My company needed a cyber security champion and I needed the qualifications to prove it. I have quickly moved up the management ladder and can truly describe your training as ISO 27001 rocket fuel.”
An ISO 27001 qualification is certainly something all cyber security professional should have, but you might also want to consider other avenues.
Do you need to know the technical stuff?
Training and HR managers often ask: “Do you want a technical job or a management-level one?” For prospective cyber security professionals, the answer should be: “Both, but not necessarily at the same time.”
Anyone pursuing a career in information security needs to know about IT systems (hardware, software and networks), applications and the people who use them. They also need to understand the bewildering array of threats and vulnerabilities that characterise modern cyber attacks. And, yes, they also need to be aware of the security provided by commercial products offered by small and large vendors (it’s a necessary evil).
Start with the basics
Those in the early stages of their careers should get as much practical experience as possible and pursue industry-standard qualifications offered by the likes of Microsoft, Cisco and HP. The vendor-independent learning path offered by CompTIA is also a good option, and its A+, Network+ and Security+ qualifications are highly valued worldwide.
And the very specialist stuff?
When people gain more experience, they often specialise in the ‘dark arts’, including security architecture, penetration testing, digital forensics, incident management and security, and compliance auditing.
These careers require specialist training and qualifications, which should always be from independent organisations and assessed by examination.
Get qualified now
As you move into more senior roles, you’ll almost certainly need to manage people or advise others on management. This might be as part of a technical team of specialists or managing the people, processes and technology associated with information security management.
The latter requires a thorough knowledge of asset and risk management and the controls required to mitigate the risks organisations face. This is where the skills associated with ISO 27001 Foundation and ISO 27001 Lead Implementer qualifications have the greatest influence.
If you’re interested in a senior role, you should get qualified as soon as possible. It’ll be harder to find the time later in your career, and it demonstrates to current and future employers that you are dedicated and ambitious.
Pursuing qualifications as soon as possible is generally good advice whatever career path you choose. It will help you capitalise on the pressing need for cyber security experts and gain valuable experience.
IT Governance offers training courses, tools and services to help you study for a variety of qualifications.