Tracking down and retaining the right security people poses problems for companies
- SC Magazine, May 2009
If there's one thing almost everyone seems to agree on, it's that, despite the recession, few are going to be cutting back on security expenditure.
To convince people to join (and stay), Maddison used BSkyB's infrastructure and his own management techniques, including a competitive package, a company vision that made people feel they would be somewhere they could make a difference, and dedication to career development. Training packages were tailored to each individual, with employees developing the plan themselves. Graduates and lower grades can train for "a raft of qualifications".
It took six months for Maddison to get 80 per cent of his team in place, since he refused to sacrifice quality for speed. Indeed, he says maintaining quality can be a challenge, because security is very much in demand and there's a limited pool of people to draw on. So he put succession plans in place in case anyone felt motivated to leave - and didn't try to stop them. "Security is like audit was ten years ago. It was niche and dead end and now people recognise it's a good place to develop individuals. Sometimes, it's okay to move on and have a career."
THE QUALIFICATIONS TRAIL
Over the last few years, the range of security qualifications available to everyone, from seasoned professionals to school-leavers, has blossomed. Many universities, including Royal Holloway, London Metropolitan, Leicester, Greenwich, Glamorgan, Birmingham, UCL and Westminster, offer MScs in information security and these can often provide an initial step into IS. The School of Information Risk Management (www.sirm.ac) operates some of these MScs and at the time of writing was about to offer a postgraduate diploma in information security and assurance (ISA), leading to an MSc.
A more vocational qualification for school leavers - and certainly quicker to obtain - is CompTIA Security+, which, over four days, provides entry-level security administrators with the understanding and skills necessary for secure inter-network communications. Cisco's CCNA (Cisco Certified Network Associate) certification is becoming almost a standard requirement for anyone wanting to enter the industry for a technical position, as is MCSE: Security (Microsoft Certified Systems Engineer), while CISA (Certified Information Systems Auditor) is also taking off.
The Certificate of Ethical Hacking is a very hot topic at the moment for the mid-tiers, according to recruitment firm Computer People's James Ramsdale, as is CISSP (Certified Information Systems Security Professional).
But, according to Vernon Poole (CISM), head of business consultancy for Sapphire and a member of the Information Systems Audit and Control Association (Isaca) information security management committee, most adverts for IS professionals over the past five years have requested a CISM (Certified Information Security Manager) qualification. This covers five main areas: information security governance; risk management; information security programme management; information security management; and response management.
So much has CISM begun to dominate qualifications that Isaca has developed a new qualification for higher-level jobs: Certified in the Governance of Enterprise IT (CGEIT).
