Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
Editor's Blog and Industry Comments

(ISC)2 Managing Director Discusses The Certification of Information Security Professionals in The UK

26 May, 2010
John Colley of the non-profit certification consortium joined ProSecurityZone for lunch at InfoSecurity Europe to discuss the need for certification amongst the UK's Information Security Professional
At the InfoSecurity Europe Exhibition at London's Earls Court, I met John Colley, the EMEA Managing Director of the International Information Systems Security Certification Consortium, more commonly referred to as (ISC)2. Escaping the bustle of the main exhibition hall, we discussed the functions of the certification body over prawns and pasta in the nearby Atlas pub and explored the current situation of IT Security Professionals, what the future holds for them and why they should make the effort to become certified.

The three main certificates issued by (ISC)2 are the CSSLP (Certified Secure Software Lifecycle Professional) for those involved in the specification, development, testing or deployment of software, the CISSP (Certified Information Systems Security Professional) for those involved in the field of Information Security whether this is Disaster Recovery, Security Architecture, Cryptography or one of many other aspects of Information Security and the SSCP (Systems Security Certified Practitioner) which is a more technical certification for front line practitioners.

Membership currently stands at nearly 70,000 worldwide, of which around 10,000 are in EMEA with still a relatively small but growing proportion inside the UK of 3,300. I asked John what (ISC)2 is focusing on to ensure that more UK Security Professionals gain internationally recognised certification.

"(ISC)2 is working with the Information Security Forum (ISF) as well as other bodies." These collaborative ventures help in getting the message across to the members of other professional groups about the benefits of certification. (ISC) 2 is also active in staging workshops which are proving to be popular and provide incentives for security professionals to undergo further training to reach their career goals.

"The qualifications have been around for some time now", John continued. "This means that those who received their qualifications in the past now have more senior roles in the industry and are demanding similar qualifications from the people they recruit and from consultants who provide services for them".

I suggested the fact that having an inventory of professionals in senior positions would also work as an incentive for new members. "Do you see the role of an Information Security Professional as a lucrative career path?" I asked.

"Salary increases are still evident for security professionals and the industry is still actively recruiting", he explained. "The recession has had some impact on this of course, but there are definitely improvements in the market and there is currently a shortage of qualified security staff in the UK. This shortage isn't as acute as it was two years ago, but it is still there".

The field of Information Security is one of rapid development and constant churn which gives most outsiders a headache just trying to keep up with relatively simple aspects of securing their technology. The security of enterprise systems is an extremely complex and dynamic industry and so I was interested in the continued relevance of certificates issued to professionals employed in a field that changes so rapidly.

"The certification is not static", John explained. "In order to maintain their qualification, certified professionals must meet our continued professional development requirements. If they don't meet these requirements, they lose their certificate".

In order to support the membership in this respect, (ISC)2 has a comprehensive support program involving distance learning, e-Symposia, journals and publications.

There's no doubt that as the demands of information security continue to grow, the need for qualified professionals with recognised certification will also swell, placing (ISC)2 is a good position for supplying the certification that the industry will start to need more and more.
Bookmark and Share