The Enduring Appeal Of Information Security For IT Professionals
In the three or four years that we've been updating our list of the evergreen IT certifications, there's never been a version that didn't include at least two information security credentials. Last week, CompTIA released the results of a survey during a panel session chaired by U.S. Representative Bill Foster (D-IL). Those results help explain why information security -- or cybersecurity, as it's increasingly being called, especially in government circles -- remains such a constant fixture on the IT landscape.
Turns out that there are at least three tiers of employment possibilities present in the information security sector, according to the CompTIA press release entitled “Business Cybersecurity Readiness Is a Tale of Two Employee Groups.” The first group is the cadre of professionals responsible for establishing and maintaining information security via tools and technologies, while the second group basically consists of everyone else, especially those who interact with systems and services. One key point from the CompTIA study is summed up in the following quote from that piece:
"Research by CompTIA and other organizations consistently shows that human error is the leading contributor to security breaches, yet an October 2015 CompTIA-commissioned survey of 1,200 full-time workers across the U.S. found that 45 percent do not receive any form of cybersecurity training at work."
To digest this remark, it's important to understand that people have always posed the greatest risks to information security in any organization, and that they continue to do so right now, and for the foreseeable future. Yet almost half of those people get no security training of any kind to help them understand this considerable risk, avoid known problems and issues, and steer around at least those potential gotchas and risks that they should be able to recognize, based on a basic sense of security awareness and an understanding of questionable or risky behaviors. That explains why information security remains such a huge concern for organizations of all sizes, and why job opportunities in this field are great and will stay that way for as far out into the future as I – or anybody else – can see.
This also helps to set the stage for what kinds of opportunities exist in and around the information security field – namely:
- For IT professionals who work directly in the field, to help design, build, establish and maintain information security apparatuses for organizations, and who work in the thousands of companies that provide services, tools, and technologies to support such efforts. These folks will definitely want to check out our “Best Information Security Certifications” and “Best Computer Forensics Certifications” stories at TIP, and our comprehensive 2015 Infosec Cert Survey piece for SearchSecurity.com, for overall guidance on what’s available, and for our thinking on current nonpareils in that general subject area (don’t let the mention of 2013 in the story header at SearchSecurity throw you off: if you keep reading, you’ll see it’s been updated for 2015).
- For IT and other professionals who train current and prospective IT professionals to work in the field, starting with basic high school and community college curricula, and continuing in the form of degree plans all the way through the PhD in academia (with the NSA’s National Centers of Academic Excellence in Information Assurance (IA)/Cyber Defense (CD) worthy of special mention here), and a whole slew of IT certifications that also focus on information security (see the preceding survey for a list of programs, all of which need instructors to teach those curricula, as well as candidates to pursue the related credentials, and also see our “Best IT Trainer Certs” story for more information on becoming an IT certification instructor of some kind).
- For IT and other professionals who want to work with security infrastructure, policy, and governance topics, opportunities are also ripe in this “halo area” around hard-boiled, plain-and-simple information security stuff. To that end, please check out our “Best IT Governance Certifications for 2016” story, and give some thought to how IT architecture, risk assessment and management, and frameworks like ITIL, COBIT, and so forth must increasingly factor security into their planning, design, implementation, and management lifecycles.
- Perhaps the biggest opportunity of all lies in addressing the unserved 45% mentioned earlier in this blog post (those employees who’ve received no security training of any kind) as well as the mostly underserved other 55% who work outside some security-related discipline or another. There’s a huge opportunity for those who understand information security and are willing to teach the basic principles and practices of safe computing, regulatory compliance, and proper digital workplace behavior to all and sundry. Most experts recommend that new employees get initial security awareness training as part of the onboarding process, and that refresher training be offered to everyone at all levels of employment at least once a year, and whenever an employee makes a job change of any kind. Lots of opportunities here, too, folks!
No wonder information security is such a good place to work nowadays: it’s everywhere, affects everyone, and touches everything. For many, this makes it a worthwhile focus for learning and professional development. Could this include you? Perhaps!