Information Security: A Growth Career
Lynn McNulty, CISSP
Director of Government Affairs
(ISC)2
September 27, 2007
© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²
Outline
•Discuss the evolution of Information Security (IS) and Information Assurance (IA) as a career field
•Review current status of IS/IA professionals in public and private sectors
•Review results of the (ISC)2 Global Information Security Workforce Study
•Examine current educational and professional certification opportunities
Growth of IS/IA as a Career Field
•First dedicated IS/IA officers began to appear in the early 1970s.
•National security community was leader.
•Civil agencies and private sector followed.
•Organizational placement/career advancement/recognition issues
•No dedicated educational track
Growth of IS/IA as a Career Field (continued)
•Slow growth in profession during 1980s and 1990s
•Real surge began with the advent of the internet as the basis for e-government and e-commerce.
•Security problems created a need for a dedicated and qualified IT security workforce.
•Need for a qualified workforce stimulated the higher education community.
•Development of professional certifications for IT security
The (ISC)2 Global Information Security Workforce Study
•Respondents had:
  •Responsibility for acquiring or managing their organizations’ information security
  •Involvement in decision-making process regarding use of security technology and services and/or hiring of internal security staff
  •Employment in the information security profession
•Study objectives:
  •Gain detailed insight into important trends and opportunities within the information security profession
  •Provide professionals with information they can use to further their career, such as a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitude toward information security
Source: IDC/(ISC)² Information Security Workforce Study, 2006
Highlights from 2006 Global Information Security Workforce Study (GISWS)
•Conducted by industry analysts IDC on behalf of (ISC)2
•Estimated 1.5 million IS/IA professionals worldwide
•Estimated that workforce will grow to slightly more than 2 million by 2010.
•For North America in 2006, there were 640,705 IS/IA professionals – forecast for 2010 is 825,201.
•Over half of respondents are employed in information technology, financial services, government and professional services.
Source: IDC/(ISC)² Information Security Workforce Study, 2006
2006 GISWS Highlights from North America
•Level of education: 12% high school; 51% Bachelor's; 33% Master's; 2% PhD
•Years of experience
  •For 2006: 46% of respondents report having been in the IS/IA industry 5 to 10 years
•Compensation: 50% of respondents made $80K or more
Source: IDC/(ISC)² Information Security Workforce Study, 2006
IS/IA Security Has Many Facets
•Chief Information Security Officers
•Technical Specialists
•Policy Wonks
•Training Specialists
•Intrusion Monitoring Specialists
•Forensic Specialists
•Evangelists/Marketers
•System Security Administrators
•Auditors
What is Happening in the Educational Environment?
•Significant growth of IS/IA classes and programs offered at universities and colleges
•NSA/DHS Academic Centers of Excellence Program
•Federal Scholarship for Service Programs/(ISC)² post-graduate Scholarship
•Interesting developments at the community college level
Role of Professional Certifications
•Growth in IS/IA profession has been accompanied by growth of professional certifications.
•Accreditation under the global standard ANSI/ISO/IEC 17024 adds value to certifications.
•Department of Defense professional certification program
•Growing reliance on certification as a criterion for employment
Accreditation under ANSI/ISO/IEC Standard 17024
•International Standards Organization – Nearly 150 countries
•American National Standards Institute – US Representative to ISO
•ANSI/ISO/IEC Standard 17024
  •88 countries participated
  •Personnel certification system standard
•(ISC)² CISSP, CISSP-ISSEP, CISSP-ISSAP and SSCP Credentials
  •Among 1st worldwide information security credentials to achieve accreditation under ANSI/ISO/IEC Standard 17024
  •Establishes global benchmark for assessing and certifying personnel
•A global standard benefits
  •The information security profession
  •Businesses and governments
  •(ISC)² credential-holders
Systems Security Certified Practitioner (SSCP®)
Meant for professionals who:
•Are systems and network security administration professionals
•Possess a minimum 1 year cumulative professional experience in (ISC)² SSCP CBK® domains
•Subscribe to (ISC)² Code of Ethics
•Earn 60 hours of CPE credits every 3 years
Associate of (ISC)²
•Program to
  •Provide early support for information security careers
  •Set new entrants on the right path early in their careers
  •Encourage early commitment to the profession
  •Accelerate the growth of professionals worldwide
•Designed for candidates who
  •Pass the CISSP® or SSCP® examination
  •Lack professional experience required for certification
  •Are willing to subscribe to the (ISC)² Code of Ethics
•Indicates a candidate
  •Possesses an independent and objective measure of competence via understanding of the (ISC)² CBK®
  •Aspires to adhere to the rigors and ethics of the profession through association with (ISC)²
  •Is required to complete the necessary professional experience and the subsequent endorsement process within 5 years
•Provides access to suite of (ISC)² career support programs
  •Official (ISC)² communications (bi-monthly newsletter)
  •Peer networking
The Future of the IS/IA Career Field
•IS/IA career field has a bright future!
•Continued growth and integration of technology into all facets of life
•IT security concerns/problems will not be solved in our lifetime
•Career field is both wide and deep - Plenty of opportunity for many participants
Advice to Interested Students
•Don’t get involved in hacking
•Keep a clean record
•Many IA/IS positions within government or with government contractors require a security clearance.
•Look for opportunities to work in career field
  •Internships
  •Volunteer positions
Advice (Continued)
•Develop soft skills - IS/IA is not just about the technology.
•Ability to write clearly and speak effectively is very important
•Understand the business impact of IT security
(ISC)2 Publications of Interest
•2006 (ISC)2 Career Guide
•2007 (ISC)2 Resource Guide for Today’s Information Security Professional – Global Edition
•IDC/(ISC)² Global Information Security Workforce Study, 2006
Samples Available on Table!!
About (ISC)²
•Established in 1989 - Non-profit consortium of industry leaders
•Global leaders in certifying and educating information security professionals with the CISSP® and related concentrations, CAPCM & SSCP®
•Offer the first information technology-related credentials to be accredited to ANSI/ISO/IEC Standard 17024
•Track and report on the rapidly evolving information security workforce
•Global standard for information security – (ISC)² CBK®, a taxonomy of information security principles
•Board of Directors -- Top information security professionals worldwide
•Over 50,000 certified professionals in 129 countries
•Produce the only Global Information Security Workforce Study
Questions
Contact Information:
Lynn McNulty, CISSP
Director of Government Affairs
(ISC)2
703-448-8208