Identity Management Institute Guide Highlights Security Crisis
Henry Bagdasarian of the Identity Management Institute recently published "Becoming a Cybersecurity Expert" for those thinking about walking the security career path, or who are already on it. It's only eight pages long and it's free.
Credit: ShutterstockI'd heard of the Identity Management Institute, but I hadn't really ever dug into their certification offerings until now. The IMI appears to support a fairly complete program with eight different credentials across the identity management and IT governance/risk management spectrum. I started by digging into the company's so-called "free e-book" entitled "Becoming a Cybersecurity Expert: A Career Guide for Professionals and Students" (PDF format, 8 pp, 816KB on disk), which highlighted the chronic security concerns and lack of qualified professionals at all levels of business, government, research, industry and more.
The general outline provides a good overview, and the About section includes this straightforward mission statement "This eBook intends to provide a short yet comprehensive guide to encourage and educate others for becoming a cybersecurity expert. With the knowledge in this guide, interested candidates will learn to pursue a career in cybersecurity and reap the benefits of a dynamic, reward, challenging, highly in demand, and respected career."
Note: While the content is spot on, the writing is a bit awkward and occasionally hard to follow.
(top to bottom, right to left)
Introduction Gain Experience
About this Guide Build a Network
Cybersecurity Risk Landscape* Improve Soft Skills*
Industry Statistics and Salaries Final Thoughts
Benefits of a Cybersecurity Career* Contribute
Career Change Discover Your Career Beacon
Cybersecurity Career Options+ About the Author
Preparing for Transition About IMI
Key Points Worth Pondering
Lumbering prose aside, Mr. Bagdasarian really knows his stuff. I found his descriptions of the asterisked items above both useful and compelling. There is a chronic and growing problem with security at all levels of business, government, research, industry and so forth. There's also a growing shortage of qualified cybersecurity professionals emerging the workplace. And indeed this does spell opportunity for IT professionals at all career stages, provided they obtain, develop and maintain the right kinds of skills and knowledge. The attribution of sources for statistics is spotty, but appears completely correct. His discussion of the development of expertise in the Cybersecurity Career Options section does a particularly good job of explaining what it means to obtain expertise, and how to meld it with prior training, skills and experience. That's why I mark it with a plus sign ("+") in the foregoing ToC list.
The discussions on training up for Cybersecurity, covered in the Preparing for Transition and Educate Yourself sections are also useful and informative. While many academics would take issue with the statement that "In some cases, experience and professional certification . . . can replace a college degree," I've seen this play out time and time again in the workplace. But I'm willing to grant it credence only when we're talking about 5 plus years of significant, meaningful and relevant experience, and one or more heavy-weight intermediate to advanced IT certifications (that is CCNP or CISSP versus CCNA or Security+). The brief coverage of scholarship, plus training and support programs is perhaps enough to get people looking around for such things, but by no means a deep or insightful guide into the many such offerings available to students, veterans, the unemployed and career changers of all stripes. That said, the input to Build a Network and Gain Experience is right on the money, and echoes many of my own writing.
I was glad to see Bagdasarian's section on "soft skills and political acumen." These are absolutely essential for professionals of all kinds, but especially so in the cybersecurity field, which is as much about educating executives and managers about threats and risk management, and users about security awareness and best security practices, as it is about security tools, platforms, and technologies. The section on certification is likewise useful, and it was fascinating to see the author ranking IMI right alongside ISACA, (ISC)2, CompTIA, SANS, and EC-Council (a reasonably fair and accurate collection of the biggest players in the space, leaving IMI aside for the moment).
All in all, the article or white paper (I'm not sure what to call it, really, because it's clearly not an eBook, no matter how it may label itself) makes plenty of useful and interesting points. If you're just getting into the cybersecurity world, it could serve as a decent orientation and wayfinding tool. But most of what it recites is old hat for practicing IT pros, particularly those who work in or around the "security patch." These folks can skip this article with impunity, or concentrate only on the sections I've called out for special mention in the ToC. The rest they already know, and is pretty much pure boilerplate. It is also, however, a useful and convincing testament to the enduring future value of working in cybersecurity, even for those doing so way beyond the scope or coverage of identity management.