Information Security: A Growth Career

Lynn McNulty, CISSP

Director of Government Affairs

(ISC)2

September 27, 2007

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

2

Outline

•Discuss the evolution of Information Security (IS) and Information Assurance (IA) as a career field

•Review current status of IS/IA professionals in public and private sectors

•Review results of the (ISC)2 Global Information Security Workforce Study

•Examine current educational and professional certification opportunities

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

3

Growth of IS/IA as a Career Field

•First dedicated IS/IA officers began to appear in the early 1970s.

•National security community was leader.

•Civil agencies and private sector followed.

•Organizational placement/career advancement/recognition issues

•No dedicated educational track

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

4

Growth of IS/IA as a Career Field (continued)

•Slow growth in profession during 1980s and 1990s

•Real surge began with the advent of the internet as the basis for e-government and e-commerce.

•Security problems created a need for a dedicated and qualified IT security workforce.

•Need for a qualified workforce stimulated the higher education community.

•Development of professional certifications for IT security

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

5

The (ISC)2 Global Information Security Workforce Study

•Respondents had:

•Responsibility for acquiring or managing their organizations’ information security

• Involvement in decision-making process regarding use of security technology and services and/or hiring of internal security staff

•Employment in the information security profession

•Study objectives:

•Gain detailed insight into important trends and opportunities within the information security profession

•Provide professionals with information they can use to further their career, such as a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitude toward information security

Source: IDC/(ISC)² Information Security Workforce Study, 2006

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

6

Highlights from 2006 Global Information Security Workforce Study (GISWS)

•Conducted by industry analysts IDC on behalf of (ISC)2

•Estimated 1.5 million IS/IA professionals worldwide

•Estimated that workforce will grow to slightly more than 2 million by 2010.

•For North America in 2006, there were 640,705 IS/IA professionals – forecast for 2010 is 825,201.

•Over half of respondents are employed in information technology, financial services, government and professional services.

Source: IDC/(ISC)² Information Security Workforce Study, 2006

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

7

2006 GISWS Highlights from North America

•Level of education: 12% high school; 51% Bachelors; 33% Masters; 2% PhD

•Years of experience

•For 2006: 46% of respondents report to have been in IS/IA industry 5 to 10 years

•Compensation: 50% of respondents made $80K or more

Source: IDC/(ISC)² Information Security Workforce Study, 2006

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

8

IS/IA Security Has Many Facets

•Chief Information Security Officers

•Technical Specialists

•Policy Wonks

•Training Specialists

• Intrusion Monitoring Specialists

•Forensic Specialists

•Evangelists/Marketers

•System Security Administrators

•Auditors

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

9

What is Happening in the Educational Environment?

•Significant growth of IS/IA classes and programs offered at universities and colleges

•NSA/DHS Academic Centers of Excellence Program

•Federal Scholarship for Service Programs/(ISC)² post-graduate Scholarship

•Interesting developments at the community college level

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

10

Role of Professional Certifications

•Growth in IS/IA profession has been accompanied by growth of professional certifications.

•Accreditation under the global standard ANSI/ISO/IEC 17024 adds value to certifications.

•Department of Defense professional certification program

•Growing reliance on certification as a criteria for employment

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

11

Accreditation under ANSI/ISO/IEC Standard 17024

• International Standards Organization – Nearly 150 countries

• American National Standards Institute – US Representative to ISO

• ANSI/ISO/IEC Standard 17024

• 88 countries participated

• personnel certification system standard

• (ISC)² CISSP, CISSP-ISSEP, CISSP-ISSAP and SSCP Credentials

• Among 1st worldwide information security credentials to achieve accreditation under ANSI/ISO/IEC Standard 17024

• Establishes global benchmark for assessing and certifying personnel

• A global standard benefits

• The information security profession

• Businesses and governments

• (ISC)² credential-holders

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

12

Systems Security Certified Practitioner (SSCP®)

•Are systems and network security administration professionals

•Possess a minimum 1 year cumulative professional experience in (ISC)² SSCP CBK® domains

•Subscribe to (ISC)² Code of Ethics

•Earn 60 hours of CPE credits every 3 years

Meant for professionals who:

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

13

Associate of (ISC)²

• Program to

• Provide early support for information security careers

• Set new entrants on the right path early in their careers

• Encourage early commitment to the profession

• Accelerate the growth of professionals worldwide

• Designed for candidates who

• Pass the CISSP® or SSCP® examination

• Lack professional experience required for certification

• Are willing to subscribe to the (ISC)² Code of Ethics

• Indicates a candidate

• Possesses an independent and objective measure of competence via understanding of the (ISC)² CBK®

• Aspires to adhere to the rigors and ethics of the profession through association with (ISC)²

• Is required to complete the necessary professional experience and the subsequent endorsement process within 5 years

• Provides access to suite of (ISC)² career support programs

• Official (ISC)² communications (bi-monthly newsletter)

• Peer networking

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

14

The Future of the IS/IA Career Field

•IS/IA career field has a bright future!

•Continued growth and integration of technology into all facets of life

•IT security concerns/problems will not be solved in our lifetime

•Career field is both wide and deep - Plenty of opportunity for many participants

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

15

Advice to Interested Students

•Don’t get involved in hacking

•Keep a clean record

•Many IA/IS positions within government or with government contractors require a security clearance.

•Look for opportunities to work in career field

•Internships

•Volunteer positions

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

16

Advice (Continued)

•Develop soft skills - IS/IA is not just about the technology.

•Ability to write clearly and speak effectively is very important

•Understand the business impact of IT security

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

17

(ISC)2 Publications of Interest

•2006 (ISC)2 Career Guide

•2007 (ISC)2 Resource Guide for Today’s Information Security Professional – Global Edition

•IDC/(ISC)² Global Information Security Workforce Study, 2006

Samples Available on Table!!

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

18

About (ISC)²

•Established in 1989 - Non-profit consortium of industry leaders

•Global leaders in certifying and educating information security professionals with the CISSP® and related concentrations, CAPCM & SSCP®

•Offer the first information technology-related credentials to be accredited to ANSI/ISO/IEC Standard 17024

•Track and report on the rapidly evolving information security workforce

•Global standard for information security – (ISC)² CBK®, a taxonomy of information security principles

•Board of Directors -- Top information security professionals worldwide

•Over 50,000 certified professionals in 129 countries

•Produce the only Global Information Security Workforce Study

© Copyright 1989-2007 (ISC)2, Inc. All Rights Reserved. (ISC) ²

19

Questions

Contact Information:

Lynn McNulty, CISSP

Director of Government Affairs

(ISC)2

Lynn.McNulty@verizon.net

703-448-8208