Information Security Specialist (more knowledge, more secure and efficient)
The job of the information security specialist is to keep out the bad guys and help secure information assets and networks from unauthorized access, e-mail attacks, and malicious code and viruses.
It requires technical ICT competence as well as mastery of issues that include digital certificates, authentication, encryption keys, VPNs, firewalls and intrusion detection, business availability, etc.
Disaster recovery planning, social engineering and business knowledge are all critical. Because of information security’s impact and close relationship with crime and society, security professionals need to have a solid grasp of ethical and legal issues. Organizations such as the African Information Security Association were created to promote specialization in information security.
Ethical Hacking Approach
The ethical hacking approach – “trying to catch a thief, by thinking like a thief” – is an approach adopted by many security professionals. How do cybercriminals think? What are the weaknesses? What do they attack, and why? What is in the hacker’s mind?
Information security professionals need knowledge tools to close the expertise gap. They often learn from experience and develop expertise by investing in relevant training and certification programs. Furthermore, information security requires a forward-thinking, proactive mindset. Lifelong learning is imperative in a world of constant change.
Information Security Certifications
The great advantage of certification is the emphasis on industry and societal needs. No storytelling please! Go beyond the certificate. Where are the gaps, where are the needs? It isn’t about academic theories. Quality certifications are based on learning, current risks, threats, technologies, global best practices and standards. Good certification programs eliminate the need to reinvent the wheel.
Recognized information security certifications include Security+, developed by the Computing Technology Industry Association (CompTIA) to cover the fundamentals of information security;
The Certified Information Systems Auditor (CISA) program – “health check” specialists – sponsored by the Information Systems Audit and Control Association (ISACA), which covers information systems (IS) audit, control, and security;
The CISSP (Certified Information Systems Security Professional) certification from the International Information System Security Certification Consortium, Inc. (ISC)², which is ideal for mid- and senior-level managers – experienced information security professionals;
The Cisco Certified Security Professional (CCSP) certification from Cisco Systems, which validates skills and knowledge for installing, configuring, and maintaining Cisco security products;
The Ethical Hacking and Countermeasures certification (CEH), developed by the International Council of Electronic Commerce Consultants (EC-Council) to enable experienced technology professionals to use the same knowledge and tools used by malicious hackers, this time for ethical purposes.
The best security certification? Best is relative. What does the individual or organization want to achieve? It depends on the individual’s need and situation. Is the individual a beginner or an experienced professional? What is the corporate need for information security expertise?
What do you think? Does certification work for the Information Security Specialist?