Career Coach update from November 2003

Dear Alert:

One of the most promising IT career paths is in information security, thanks to new regulations that require organizations to secure and audit their data. According to the U.S. Department of Labor, by 2010 there will be a need for 10,000 additional trained information-assurance professionals, who will be responsible for maintaining the confidentiality, integrity and availability of company data.

Fortunately, Frederick Gallegos, a professor of CIS auditing, security and control at California State Polytechnic University, says there are many options for professional development in information audit, control and security, including certification programs hosted by vendors, professional associations and government organizations. Many vendors, including Cisco Systems, Guardian, Microsoft, Oracle, SAP and Symantec, offer certifications in the security features of their own products, while certifications from professional associations--the SANS Institute's GIAC (Global Information Assurance Certification), for instance--cover a broad range of skills for network-security analysts and security-support functions.

Other top professional certs include CFE (Certified Fraud Examiner), CISSP (Certified Information Systems Security Professional), SSCP (Systems Security Certified Practitioner), CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager). CISM--offered by ISACA (Information Systems Audit and Control Association)--is ideal for those with the potential to see the big picture as well as manage day-to-day security operations.

Finally, if you want to work for a federal agency, you'll need some additional credentials, mandated by the federal government and sponsored by the NSA (National Security Agency). The NIETP (National InfoSec Education and Training Program), for instance, supports the CNSS (Committee on National Security Systems), ensuring that personnel in federal departments and agencies are trained to safeguard information resources. NIETP programs include:• Colloquium for Information Systems Security Education: defines requirements for information-security education

• University Outreach Program: works with the Advanced Computing Systems Association and SAGE (System Administrators Guild) to further computer-system administration as a profession

• Blue Box Initiative: offers ready-made infosec toolkits

• Centers of Academic Excellence in Information Assurance Education Program: promotes education via the Information Assurance Courseware Evaluation Process

You can find details about these and other NIETP programs here.

Send your questions to [email protected]

Post a comment or question on this story.