`Securing' your careers in IT security
INFORMAITION technology has proved to be the technology of the new millennium. There is no aspect of human life, which remains untouched by IT, from the dusty and distant Bhagalpur to the big and businesslike Bangalore.
However, the steady march of IT has a few challenges, the biggest of which is security of the IT based system.
This challenge now occupies centre stage in most organisations' IT strategy and fuels a demand for well trained and experienced IT security professionals.
IT Security has two dimensions-- a physical dimension and a virtual dimension. The physical dimension, involves controlling and preventing unauthorised physical access to an IT system.
This aspect needs no specialised skills and any person can be trained to carry out this duty.
The virtual dimension involves controlling virtual access to an IT system.
This means an individual opting for a career in IT security should be well versed with the risks that threaten the security of an IT system and also the preventive and remedial actions for these risks/threats.
An IT security professional, should be equipped with adequate functional knowledge in one or more of the components of the security system, since he will be pitted against highly skilled hackers.
Security of an IT system also implies that the person responsible for the security of the system should be abreast of the technological changes, since new technologies would most definitely open up new avenues of threat to an IT system.
IT security as a career: Career opportunities in IT security can basically be classified based on the level of experience and skills of a person. Following are some of the career options in the field:
1. IT Security Professional: These are essentially entry-level professionals.
Qualification and Skills: Computer graduates with a course in network administration and database administration activities like CCNA (Cisco certified network administrator), MSCNA (Microsoft certified network administrator), Solaris administrator and Oracle DBA is eligible.
Experience: One to two years of experience in networking and systems administration and/or database administration is a must. Coding experience is a definite plus.
Courses: all leading IT training establishments offer the courses mentioned above. Some of these offer certification after an online exam at any prometric testing centre.
Responsibilities: At this level a professional is expected to monitor an IT systems' various components as per instructions prescribed by the IT security manager.
Career opportunities are present with virtually any organisation that uses IT be it small, medium or large.
2. IT Security Supervisor:
Qualification & Skills: Any computer graduate having successfully qualified in network and database administration courses.
Experience: Four to five years of experience as an IT security professional or as a network and systems administrator with exposure to database administration. Coding experience in any of the major platforms will be a requirement.
Responsibilities: Supervise the activities of security professionals and ensure implementation of the organisation's security policy.
Career opportunities are generally available at medium and large organisations as well as large consultancy firms like the big four and any IT services company
3. IT Security Manager/Auditor:
Qualification and Skills: Post graduation in computer sciences with IT Security as one of the core subjects. Should be qualified in network and database administration activities.
Should also have a CISA (certified information systems auditor) or CISSP (certified information systems security professional) or SSCP (Systems security certified practitioner) and any IT security standard like BS19777.
Experience: Minimum seven years of experience in IT to include network and database administration, coding, project management and IT audit.
Courses: CISA is offered by The Information Systems Audit and Control Association (ISACA), Illinois USA. The International Standard for Information Security offers CISSP and SSCP.
Some firms too provide lead auditor training in IT security standards
Responsibilities include identifying threats, analysis of threats, formulating and implementing an IT security policy to thwart these threats.
The manager would also be responsible to carry out an audit of a system to identify weak points and non-conformances vis-à-vis policy.
Career opportunities would be available with large corporates, government bodies and other agencies with huge IT systems. Opportunities also exist with large IT services and consultancies. In addition, there is scope to run an independent IT security audit service.
If there is an IT System, there will be a need for IT security professionals to manage the security aspects if this system and this, therefore, presents tremendous opportunities to anyone seeking to make a career out of IT security.
Send this article to Friends by