A secure career awaits
Posted by : Molly W. Joss

If you want a hot IT career that I promise will never be boring, think about a career in IT security. Now that more and more companies are developing Web sites and depending upon those sites for significant revenue or customer support, the need for IT security is greater than ever. Last year, cyber attacks cost businesses billions of dollars. The I Love You worm did more than $8 billion in damage alone, according to reports from the Carlsbad, Calif.-based research firm Computer Economics. Security experts around the world expect the number and severity of attacks to increase sharply in the next few years, only increasing the need for competent and resourceful IT security professionals.

I wanted to spend this column talking about security certifications because I believe that to be a true professional in the IT security field, you must consider some type of certification, and possibly multiple certifications. Certifications in security prove to your potential or current employers that you have the depth and breadth of knowledge needed to fend off sophisticated acts of cyber violence. Certifications also ensure that you have the training and experience needed to help your employers or clients make their way safely in the IT world.

General certifications

Two major and widely recognized general-knowledge certifications are available in IT security, both created by industry groups. These are the certifications that pop up most often in help-wanted ads and company wish lists for IT security personnel. The International Information Systems Certification Consortium--known as (ISC)2--is a nonprofit organization created several years ago by government agencies, several IT firms, and Idaho State University. These groups have cooperated to create and maintain the Certified Information Systems Security Professional (CISSP) program.

You can find out about the CISSP program, and even download a study guide with sample questions, by visiting the (ISC)2 Web site www.isc2.org. I'll warn you, though, that if you are just starting out in the security field or are looking for a quick way to enter the field, CISSP certification won't help you. To sit for the certification exam, you must first prove that you have worked in the IT security field for three or more years. The exam is a tough one that really tests your security experience.

You should know about it, though, if you're just starting out or getting ready to enter the field. (If you're already an IT security professional, you should have already heard about the CISSP or have obtained certification.) If you're new to IT security and want to know what kind of knowledge and jobs to pursue, you can get a good idea by reading through the study guide and study resources (also on the Web site). You'll be able to put yourself in the best position to obtain this certification--or the one I'll talk about next--as soon as you can.

The Information Systems Audit and Control Association (ISACA) offers the Certified Information Systems Auditor (CISA) certification. To take this exam, you have to demonstrate a minimum of five years of IT security experience. You can take the exam and pass it before you have the full five years, but you can't use the designation until you have the experience. To find out more about the exam and the requirements, go to the organization's Web site www.isaca.org.

Once again, this is a certification that requires you to have significant experience--a few weeks in a classroom won't help you. Think about it for a minute and you'll understand why the organizations that created the certifications require so much experience. In IT security, education is no substitute for hands-on, nitty-gritty experience. So years of experience and training really are necessary to be an experienced, dedicated IT security professional.

Both organizations require continuing education and recertification exams periodically in order to keep the certification current once you've earned it. They do this because as quickly as the guys in the white hats can work and learn, the guys in the black hats have figured out some other way to search, seize, and destroy IT assets. If you enter the field as a professional, understand that continuing education and recertification will be a way of life.

Specialty certifications

In addition to these general-knowledge IT security certifications, there are a number of specialized IT security certifications that focus on specific areas of IT infrastructure, such as firewalls. Even disaster recovery, which you wouldn't ordinarily associate with security, is one of the areas of specialized IT security.

The SANS Institute www.sans.org has developed a number of specialized security certifications, including ones for Unix and NT environments. The High Tech Crimes Network www.htcn.org has developed several certifications, including the Certified Network Security Professional and the Certified Computer Forensic Technician.

To learn more about other specialty certifications, you can visit the Web site of the Information Systems Security Association Inc. www.issa-intl.org. On the site is a list of professional certifications related to security, with links to the Web sites of the various organizations. Here is a brief description of a few of the certifications described on the ISSA Web site:

Certified Business Continuity Professional (CBCP), offered by DRI International, is for professionals who have at least two years' experience in business continuity/disaster recovery planning. DRI also offers the Associate Business Continuity Planner (ABCP) for people who don't have at least two years of experience or who work in IT areas related to disaster recovery.

The Institute of Internal Auditors (IIA) offers several certifications related to IT security. The one that caught my eye is the CIA designation (Certified Internal Auditor). This certification exam tests the candidate's knowledge of IT security risks, effective ways to control the risks, and how to ward off attacks. Don't worry, you won't have to know anything about international espionage.

The Association of Certified Fraud Examiners is a professional organization whose members are auditors, accountants, fraud investigators, and criminologists, among others. A few years ago the association put together the Certified Fraud Examiner program for members interested in demonstrating their knowledge of fraud detection and prevention--including ways of doing this in the IT world.

The American Society for Industrial Security (ASIS) developed the Certified Protection Professional (CPP) certification for IT security professionals who want to demonstrate their ability to create and manage complex security systems for medium and large businesses and organizations.

Shine up that badge

If all this talk about security certifications has you wanting to get involved, I'm glad; the IT world desperately needs more people to get involved in IT security careers. To date, there are only about 3,000 people who have sat for and obtained the CISSP designation. I estimate from my research that the number of certified IT security professionals totals only tens of thousands. That's simply not enough people to handle today's and tomorrow's IT security load. That's good news if you're interested in (or already involved in) the field, because it means there's plenty of room for new people. It's a very real concern if your company needs IT security.

So if you're interested in this field, it's time to learn more about the profession of IT security. Do your research by visiting the Web sites mentioned in this article, read some of the books on the subject and check out the training opportunities. Plan to work toward, and obtain, the relevant certifications as soon as possible. Remember: We, the citizens of the IT world, really do need more people like you.

Contributing Editor Molly W. Joss also writes Ask Molly, a daily careers column on ComputerUser.com. Ask her an IT career-related question at AskMolly@ComputerUser.com.
