Security is the hottest topic in IT at the moment. Numerous high-profile IT security breaches mean businesses are upping their game to ensure they’re not the next company in the headlines. British Airways, TalkTalk, Uber, T-Mobile, Sony and Staples are just some of the companies that have had records breached since the beginning of 2015.
This means the demand for IT security skills has never been higher. For example, the government announced it’s doubling the cyber security budget to £1.9 billion over the next five years. This is to protect government assets and information, UK businesses and citizens. Also, ComputerWeekly.com state that 14% of all UK IT jobs are now cyber security related, with 42 universities now offering cyber security related degrees. Take advantage of this demand by improving your security skills through certifications, helping you to protect your business or move up the ladder of IT security roles.
If you’re not yet involved in IT security, now is a great time to start. A solid starting point to build your foundation knowledge is CompTIA’s A+ and Network+certifications. To sit the courses, you only need 6-12 months of hand’s-on experience and familiarity of Windows operating systems. Achieving the A+ would help you get an IT Support Technician role with an average salary of £24,000. (*All average salaries from itjobswatch.co.uk).
The Network+ could get you a Network Support Technician with an average salary of £30,000. These CompTIA certifications give you skills in network architecture, operations, security and troubleshooting. These will give you strong foundations from which to grow your skills in future.
|Image courtesy of Yuri Samoilov/flickr.com|
After 2 years’ experience and further understanding of operating systems, you’ll be ready to take a more advanced certification. You can take CompTIA’s Security+. It’s a deeper look at IT security from CompTIA, teaching you skills in compliance and operational security, threats and vulnerabilities, access control and identity management and cryptography. This certification can help you achieve a role like Security Engineer with an average salary of £52,500.
An alternative to the Security+ that’ll teach you different skills, is Cisco’s CCNA Security. You’ll learn to apply security through the in-built features of Cisco’s Internetwork Operating System. Focused more towards the management side of IT security, you’ll learn how to develop security infrastructures, recognise threats and vulnerabilities to networks and mitigate security threats. However, the CCENT or CCNA Routing & Switching certification is required before you can attempt the CCNA Security.
Building your skills
When you’ve gained a year or more’s experience in the IT security industry, you’ll be looking to get skills that’ll help you stand out and push you up the career ladder. (ISC)2’s SSCPis a great certification to help you do that. It teaches you security skills in areas like access controls, malicious code, networks and telecommunications and security policy administration. Also, there are seven reputable domains created from (ISC)2’s SSCP CBK (common body of knowledge). With skills like these, you could get a role like Security Engineer with an average salary of £52,500. Achieving a certification like the SSCP will help separate you from other mid-level IT security professionals and help your transition into elite level IT security roles.
An alternative is ISACA’s Certified Cybersecurity Practitioner CSX,which is broken down into three levels. Level one teaches you how to identify weaknesses and protect your network. Level two covers detecting cyber-security incidents and attack analysis. And in the third level you’ll learn how to respond to and recover from cyber-attacks. These are broken down into five domains of Identification, Protection, Detection, Respond and Recover, contained within ISACA’s new security program, the Cybersecurity Nexus. This certification introduces you to the Cybersecurity field and can help you become a Cybersecurity Specialist with an average salary of £59,000. If you wanted to focus on the technical side of IT security, the CSX Practitioner program would be a great place to start as it builds practical skills relevant to real world situations.
Specialising in security management
Generally speaking, management and technical are the two major directions of specialisation in which you can take your IT security career. A great certification to train your management skills is ISACA’s Certified Information Systems Auditor. You need a minimum of five years’ experience in the information systems auditing, control or security. In the CISA, you’ll learn how to audit, manage, maintain and support information systems. The skills will help you protect the information assets of your company. This certification can help you become a IT Security Officer with an average salary of £55,000.
You can take your management skills further by taking ISACA’s Certified Information Security Manager. The CISM requires a similar amount of experience to the CISA, but you are able to sacrifice experience for a degree or other certifications. You’ll learn to establish and manage a security governance framework and how to align it with your company’s goals and objectives. Your CISM certification can help you become an IT Audit Manager, with an average salary of £70,000.
Specialising in technical security
When you’ve established your career, if you’d like to take it down the more technical route there are several ways in which you can do this. Cisco’s CCNP Security helps you develop your network security skills to defend your systems. You’ll learn how to use Cisco Switches, Cisco ASA and the router security appliance feature. The CCNP Security will help you become a Network Security Engineer (average salary of £50,000). This is because on the CCNP Security you’ll learn to deploy perimeter security and VPNs, monitor and detect security events and manage network security to improve productivity.
GIAC’s Penetration Tester (GPEN) teaches you the skills to find and nullify security vulnerabilities. You’ll learn to protect your business and stop weaknesses from being exploited. You’ll develop skills in areas like exploitation fundamentals, vulnerability scanning, password attacks, reconnaissance, scanning for targets and the pen-testing process. The GPEN is one of the most recognised penetration testing certifications and can help you get a penetration testing role with an average salary of £60,000.
|Image courtesy of hin255/freedigitalphotos.net|
You can also specialise to become an Ethical Hacker. EC-Council’s Certified Ethical Hacker is the best certification to help you do this. It contains 18 established domains that cover topics like malware threats, social engineering, session hijacking, hacking web servers and cloud computing. These skills will help you protect your business by identifying weaknesses that are susceptible to cyber-attacks and preventing them from being exploited by genuine security threats. The average salary for an Ethical Hacker is £75,000.
Mastering IT security
(ISC)2’s CISSP is often considered the gold standard certification for IT security professionals. It is comprehensive in its coverage of both the managerial and technical sides of IT security. You’re eligible for the CISSP after five years’ experience. The CISSP CBK (common body of knowledge) contains eight domains covering topics like security engineering, communication and network security, software development security and security testing. The CISSP can set you on your way to getting a Chief Information Security Officer job, with a salary in excess of £100,000.
An alternative to the CISSP, is the CCSP which will give you skills in cloud computing security. This contains topics like cloud data security, cloud application security and architectural concepts and design requirements. As more businesses move to cloud technology, it’s becoming a bigger target for hackers. This means data stored in the cloud needs a new approach by security teams to properly protect it. This certification will give you the skills to master the security within cloud systems.
If you’re in a top IT security role, you can add extensions to your CISSP. The CISSP-ISSMP will further develop your security management skills. It tackles legal issues, plus project and risk management within IT security. The CISSP-ISSAPis the technical equivalent and teaches you advanced skills in areas like access control systems, communications and network security and security architecture analysis.
IT security has so many areas that you have the luxury of being able to pick and choose the direction you career can take within it using certifications. This allows you to protect your business in each area by improving your skills exactly how you want.