
Information for IT Security Professionals

There are 3 core reasons which drive people to seek further accreditation and certification in the information security field.

  • To increase knowledge base
  • To increase employability
  • To increase remuneration

Knowledge Base

Certifications consolidate a practitioner's ability, skill or knowledge in a particular topic focus, or a series of fundamental principles and concepts. Accordingly, practitioners can choose certifications which will develop or reinforce information security knowledge ranging from fundamental to advanced levels of depth, help them specialise in a particular field, or obtain a more holistic understanding of security topics and technologies.

Employability

In employment processes, when candidates are equally well qualified in education and experience, certification can be the distinguishing factor to an employer. Although in many cases a large number of other key indicators will affect the outcome of a job application, certification that formally asserts the candidate's skill set is a distinct competitive advantage.

Remuneration

Generally, the more qualified a candidate is, the higher they can expect related remuneration packages to be. As an example, a 2007 survey taken by Global Knowledge identifies a 15% difference between those with security certifications and those without (Global Knowledge - "2007 IT Salary and Skills Report - What Impacts Salaries?").

Choosing a Certification: General

Certifications can cost significant amounts of money and time to acquire. Hence, when choosing a certification, a series of factors must be taken into consideration. Initially, a practitioner should ask the following questions:

  • Why do you wish to achieve certification?
  • What area(s) of interest do you wish to certify in?
  • Where is your current path in IT security leading? Towards risk management, or towards the technical and operational side of information security?

For each certification that matches the initial criteria, further questions should be asked:

  • How in-depth is the certification on the key areas of interest?
  • How do you study for the certification? Is it self-study? Through external/internal training courses?
  • How current and applicable is the certification?
  • How widely recognised is the certification?
  • How much does the certification cost?
  • What bonuses are to be gained (salary-wise or otherwise) from gaining the certification?

Choosing a Certification: Students

There are a number of foundational level security certifications suitable for students and recent graduates wishing to enter the information security field, such as GISF, GOEC, GSEC, Security+ and TICSA. These certifications aim at providing the broad fundamental and conceptual base of security knowledge useful for gaining an entry level position within a company, or providing the education to shift from another area of IT operations into security.

More specific technical certifications may also be appropriate for students with an interest or job opportunity in a given topic area. However, it is important to examine the experience requirements and assumed knowledge of each certification to ensure that it is a feasible undertaking - even if there are no official experience criteria imposed, a certification may require an applied knowledge of a certain IT environment or particular security product that is not practical for an individual to obtain alone.

Choosing a Certification: IT Security Professionals

Seeking accreditation is a natural progression path in today's information security landscape. Certifications aid practitioners in signifying their technical skills and knowledge in mitigating current and emerging risks in information security. Managerial certifications also exist, which help practitioners move from technically oriented positions towards more managerial security roles.

For practitioners who have just begun their career in information security, certifications can assist in their proof of knowledge base. Similarly, practitioners who seek extensive knowledge in a specific security topic or wish to learn a particular technology can indicate their specialised skills through certification. The post-nominals obtained through certification are valuable additions to a practitioner's title for the purpose of employability and corporate biographies.

Ultimately, the desired career objectives of the individual should be the main consideration when choosing certifications. Initially, it is recommended that individuals examine the security categories sections below to obtain a list of security certifications which match their goals. By then examining the mapping of each candidate certification to 17799 and FIPS security tasks, security practitioners can use this guide to identify which certifications best match their career objectives.