|
1.1 The Need for Information Security Professionals
Our fast-paced and developing information technologies have, and continue to provide, immensely stimulating opportunities. Increasing Internet usage provides a virtual library of essentially limitless information resources available to almost anyone right in his or her own home. Personal and business information is, for the most part, instantaneously accessible and available to anyone at any time. The sheer volume of available information and the varied technologies for handling and storing these resources has created a dynamic and enormously complex machine.
Along with this information explosion, the possibility for predatory behavior has also dramatically evolved, creating multitudes of innovative ways to unscrupulously, and often illegally, exploit these vast resources.
Only upon reflection do we come to realize our dependence upon these valuable information technologies, and begin to think about the importance of security related to those important and expanding resources. The growth of our technologies, and those who would exploit them, has forced the practice of information security to become extremely complex. Our current real-world information technology dependence places emphasis on the now critical need for qualified information security professionals.
1.2 Endless Opportunities for Information Security Professionals
Recent headlines regarding the job market are filled with the doom of information technology layoffs, downsizing, and "off-shoring" of technology jobs. In 2001, layoffs in computer firms accounted for over 50% of total job losses. There has been some rebounding amongst the technology sector, but certain areas have rebounded stronger than others. One of the strongest fields in the technology sector for growth and opportunity is information security.
Information security is one of the hottest job fields in today?s economy. Professionals interested in a career in information security will find ample opportunity in both the government and private sectors.
1.3 Career Planning is Essential for Information Security Professionals
Those who simply enter this career without expertise, knowledge, and a plan may find insurmountable obstacles in their career path. These obstacles include lack of internal support, lack of cooperation, and other dilemmas that can lead to a career stall. However, with proper preparation you can learn to recognize and avoid or overcome these obstacles.
Many security professionals find themselves in career-limiting situations, compromising positions, or unsupportive environments when it comes to performing their duties. Often times when faced with these situations, there are seemingly few resources available to assist. But a well-prepared information security professional will know how to either avoid these issues, overcome these issues, or find help for these issues.
Information security professionals are not born, and cannot effectively be churned out from educational manufacturing plants by the dozens. Information security professionals must possess experience, along with specialized training, to effectively execute their duties, stay clear of trouble, and plan a successful career.
Global Knowledge offers specialized training for security professionals, including CISSP preparation and the class, Business Skills for IT Professionals.
This white paper provides a glimpse into career planning for the information security professional, specifically the essential skills required to succeed at a career in information security. The business skills class covers additional elements of career planning, including useful background experience:
- "built-it" vs. "check-it" careers - key credentials - career options - career progression - ethics
2. Essential Skills and Requirements
A successful information security professional must possess key skills and aptitudes. Among these skills and aptitudes are salesmanship, communication skills, conflict resolution, strategic thinking, decision-making, multi-tasking, and (of course) knowledge of information security technology.
Salesmanship
Salesmanship, or the ability to represent the value of your recommendations, has become an essential ingredient for the information security professional. Security professionals must have the capability to convince senior management of the need and logic involved in instituting information security controls. Security controls, after all, are not a revenue generator, but an expenditure that essentially comes off the bottom line of a business enterprise. Security professionals must be able to "sell" security controls as a method of mitigating possible financial losses associated with security breaches or information loss.
Communication Skills
Security professionals must possess the capability to communicate, both through documentation and discussion, the importance of security controls. These skills make it far easier to "sell" and complexity involved in information security practices.
|
