Security Jobs

By Mary Stevens  |  Posted 2002-12-16 Print this article Print

Security Jobs

As with any relatively new field, the necessary expertise required by employers will continue to shift from generalists to specialists, said Alan Paller, director of the SANS Institute, a Washington-based cooperative research and education organization. Would-be IT security professionals who are certified in an area of this field have a powerful weapon in their arsenal, Paller said.

The International Information Systems Security Certification Consortium Inc.s CISSP (Certified Information Systems Security Professional) certification, which aims to prepare recipients to manage entire enterprise security systems, is one of the most-sought-after certifications, industry observers said. Also in demand are the SANS Institutes GIAC credentials, which address a range of skill sets, including security essentials, intrusion detection, incident handling, firewalls and perimeter protection, and operating system security, among others.

CISSP certification can be a deal maker for employees at Guardent Inc., a managed security services and consulting company based in Waltham, Mass. According to Douglas Barbin, principal consultant of Guardents Enterprise Security and Privacy Services, West Coast, in San Francisco, virtually all the company consultants—around 150—have the CISSP designation.

"The CISSP is good in that it requires the professional to have that broad-based understanding of the core aspects of information security with a focus on enterprise security," said Barbin. Guardent also values the GIAC certification, Barbin said, in part because it requires that security professionals not only obtain technical skills but also learn to communicate security issues to businesspeople.

"From my perspective," said Barbin, "that is key: The industry is abundant with very smart, very technical people that can solve a variety of complex security problems. The challenge comes back to communicating the solution in a way that a company or an agency can take the appropriate action."

A new, broad-based security credential is being added to the stew as well. The Information Systems Audit and Control Association plans a new certification targeting information security managers. The ISACA certification, to be called the Certified Information Security Manager, will be launched next year and appears destined to compete with CISSP certification. (See "Security Cert Provider Cries Foul.")

Although some hot IT specialties have their day, then go off the résumé radar as technology shifts, security-oriented certifications, especially those geared toward management, should have more staying power, experts said.

There will even be a growth path, said Meta Groups Schafer: The quest for optimal security will drive many more companies to hire chief security officers, and subsequent privacy issues will generate a new chief privacy officer position to deal with the thorny issues that tight security will likely raise, she said.

eWeek Labs Managing Editor Mary Stevens can be reached at


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel