Skills and Certifications needed to be a Successful Information Security Professional

Although it’s a bit hard to believe, the New Year is already three months old, with March 2012 greeting us in full swing. Each New Year brings with it a renewed motivation for professionals to start career planning. New milestones are set to enhance their professional CVs and give their LinkedIn profiles that extra “wow” factor that is much needed in today’s cut-throat environment.

Information security professionals will be happy to know that the demand for cyber security skills shows no sign of slowing down, even in this sagging economy. This does not mean, however, that employers have become less choosy. In fact, employers are no longer impressed by a few security certifications on a person’s resume, and demand that candidates also display proper communication skills and the ability to present cyber-security issues in a way that management can grasp. Here, we will take a look at a few of the skills and certifications that every aspiring cyber security professional should focus on if he or she plans to stand out within the already-crowded marketplace.

Security certifications and degrees

With so many certified individuals in the marketplace to choose from, it is a sad fact that while information security certifications remain important, their presence on a person’s CV no longer gives the instant “win” factor that it did a few years ago. However, a person without any security certifications on his profile will almost certainly be passed over in favor of another applicant who has them, despite the former having superior knowledge and experience.

Certifications usually come in two flavors: vendor-based ones, such as those administered by Microsoft, Cisco, IBM, etc., and those looked after by vendor-neutral bodies like ISACA and (ISC)2. Of the two, hiring managers are more impressed by the latter, as they indicate that an applicant is not tied down to a particular technology.

What it takes

Going into 2012, the CISSP remains one of the most coveted certifications and is referred to as the “gold standard” in information security. It covers a vast array of security topics, referred to as the Common Body of Knowledge (CBK), and a person aspiring to become an Information Security Manager or move to a senior position should definitely invest the time and effort for this certification. The exam itself is a grueling multiple-choice affair with over 250 questions, which candidates are required to pass with a scaled score of at least 700 points. The next step involves proving that you have five years of security experience in one of the CISSP domains. You also need to abide by a policy of continuous education, which ensures that you remain updated with the current trends in information security.


An alternative to the CISSP is ISACA’s Certified Information Security Manager (CISM), which focuses more on the risk management and business areas of information security, unlike the CISSP, which is more technical. CISM is geared more towards managers who will be overseeing entire information security programs and will need to present overviews to senior management instead of going into the low-level technical details.

Cloud certifications

A relatively new technology-independent certification that is rapidly gaining popularity is the Certificate of Cloud Security Knowledge (CCSK) by the Cloud Security Alliance (CSA). The rapid adoption of Cloud Computing across the globe has increased the need for individuals who can prove that they possess the necessary skills to secure cloud-based services – and this certificate aims to fill that role. The examination itself is online and tests an applicant’s knowledge against certain cloud-based security practices referred to as the cloud security body of knowledge. The CCSK is definitely a plus for professionals who are interested in pursuing a career in Cloud Computing, and is definitely a certification to watch for in the years to come.

The communication gap

With the maturing of the information security industry, one complaint that has arisen among many employers is that security professionals, while able to display the required security and technical skills, often lack good communication and presentation skills. This fact cannot be stressed enough, as individuals wishing to move up the corporate ladder must be able to present complex technical issues in a way that management can understand and appreciate. A few good business communication courses, along with those technical skills, can go a long way in enhancing one’s image in the corporate world.

Author Bio: Sohail Qaisar writes informative articles for a technology review blog. Check out his useful article on NVIDIA or ATI card selection.



