Network security training is growing in popularity and supply.
Part of adjusting to life in this brave new world is accepting the need for serious security measures in many areas of life, including our computer systems. The good news is that the need for tighter security is fueling a growing job market for IT security professionals–a market that may well be recession-proof.
If you want to become an IT security professional, there are several roads to take to arrive at this vaulted career destination, including one trail Cisco recently blazed. There are so many choices, in fact, that your first mission, should you decide to accept it, might be figuring out which IT security certification is for you.
Before I launch into the training and certification details, let me first tell you a little about the kinds of jobs you can get in IT security. If you’re looking for a sedate nine-to-five job, forget it. IT security professionals work demanding hours, and many are on call constantly so they can respond whenever and wherever evil strikes.
Most IT security professionals are experienced network professionals, though there will be more jobs available for security newbies as more companies strive to cover their strategic IT assets. For the next year or so, though, companies will be looking for people with five-plus years of networking and security experience.
Becoming an IT security professional is an excellent alternate career path for someone who already has a network certification and wants to try something new. To put yourself ahead of the other job candidates, you will want to invest your time and money into one or more security-related certifications.
The investment you’ve made in your career pays off when you join the ranks of the guys in white hats. Starting salaries for IT security professionals with a few years of IT experience are in the high five figures ($85,000 or more), and you can count on moving up to a six-figure income within a few years.
As for the kind of work you could do, the jobs vary widely–and I do mean widely. Some of them are just about making sure all the system doors and windows are locked and alarmed. Others involve projects that border on realms most people have only thought about when reading science fiction.
A job recently posted on a security association Web site involves the design, engineering, testing, and deployment of a cryptographic device to be used in conjunction with biometric authentication devices. Another was for a database manager with security experience. The company wanted someone to make sure the database hadn’t been tampered with and to keep out uninvited guests.
With so many companies wanting to find ways to secure their IT systems and so many other companies working on ways to protect data and networks, the short- and long-term career prospects for IT security jobs look bright. They look so bright, in fact, that many IT training providers are rushing to cash in on the need for training and certification to help meet the need. IT security courses could become the next big thing in training.
That’s good news since it will make it easier to find a local training facility that offers the requisite courses. It could be not-so-good news if disreputable training companies get involved.
Your best bet when selecting an IT training facility is to check it out thoroughly before you pay anything. Check out the curriculum and check around in the area for other training facilities. Compare prices and course offerings; they can vary widely from school to school.
You’re going to have to make some difficult choices when it comes to deciding how to get yourself trained and certified for IT security. Microsoft doesn’t yet have a security-related certification, but I would be very surprised if the company does not announce one before the end of the year.
CompTIA is in the final stages of creating a new, entry-level security certification called Security+. If you are interested in taking the beta exam for the certification, keep checking the CompTIA Web site because the exam should be out sometime in the fall. CompTIA expects to formally launch the new certification before the end of the year.
Other security certification programs are already established, but I want to mention two that you will see often in IT security job advertisements. The comprehensive Certified Information Systems Security Professional designation by the International Information Systems Security Certification Consortium (ISC)2 has been around for a few years. It is a respected and broad-based program, and (ISC)2 recently revamped its requirements, making them more stringent. Not only do you have to pass exams, but also, someone in the security field has to vouch for your experience.
Prosoft offers the Certified Protection Professional (CCP) certification, and SANS offers the GIAC Security Engineer (GIAC) program. These two certifications are often a plus when it comes to doing classified work for government agencies and private companies.
Cisco Systems announced a new program in the first quarter of 2002 that will take the bar on IT security training up a few notches. The company designed the program to be a wide-ranging and rigorous curriculum and set of exams–definitely not for network newbies.
The prerequisite for the Cisco Security Specialist 1 (CSS1) certification is the Cisco Certified Network Associate (CCNA). That’s just the starting point; Cisco recommends that you prepare for the CSS1 exam by taking the security-specific training courses offered by Cisco Learning Partners. You can also train online, by reading books or by attending classes.
To pass the Cisco Certified Internetwork Expert (CCIE) security-level exams, you don’t have to take security specific training. Cisco recommends at least six years of professional experience with various kinds of networks before you try the exam. It also wouldn’t hurt for you to have a network certification and perhaps another security-related certification.
If you want to develop basic security for networks, such as installing firewalls and identifying weak points in the system, the CSS1 is probably all you’ll need. If you want to be a consultant to companies that want IT security, you could start with the CSS1 and add other certifications as needed. The CCIE with security certification is for people who want to learn how to build fortresses out of networks. A network manager, network architect, CIO, or senior security consultant should opt for this certification.
The fact that Cisco has decided to build such a rigorous IT security certification program is a sign of the times. Companies are deeply concerned that their data is not secure enough or that their Web sites are vulnerable to attacks. As more and more companies use the Web to conduct some of their everyday business, IT security becomes all the more critical.
The new Cisco security certifications would give any network professional a first-rate starting point in an IT security career. You’d have to invest in ongoing training and re-certification because it’s not just the good guys who are taking these training courses. The black hats are, too, and they are focusing on ways to outwit existing security systems.
To accomplish your first mission of figuring out which kind of IT security training and certification program is right for you, decide first the general direction of your career. You may want to get into such high-tech areas as biometrics. You could even concentrate on protecting information that flows through wireless networks, as opposed to keeping wired systems safe.
Once you make a general decision, you can research your training and certification options with a specific direction in mind. Doing so will make the decision easier about which program is best for you and your career. Just keep telling yourself that no matter what you decide, you’re helping make the world safe for the free exchange of information.