ISS Security Education Options for Adult Learners

By Allen Graves

According to the latest U.S. Bureau of Labor Statistics (BLS) projections, employment opportunities for information security analysts will increase by 18% between 2014 and 2024, a growth rate more than double the national average across all other occupations (7%).

The reason is clear.

Threats to both public and private information systems security (ISS) escalate on a near-daily basis, and employers recognize the corresponding need for qualified cybersecurity experts. RAND Corporation’s 2014 study of the information security field determined that the demand for skilled professionals began exceeding supply in 2007, and the trend hasn’t abated since.

Public education campaigns focused on password protection and malware recognition have tempered only a fraction of existing threats. Businesses, organizations and governments still need more ISS managers and analysts to evaluate risks and defend against viruses, malware, phishing and other increasingly sophisticated cybercriminal tactics and strategies.

Consistent news of data breaches at large corporations, including Target, Bank of America and The Home Depot, drives home the point.

Government Concerns Generate New Incentives

In addition to private sector employers, the federal government has taken note of the cybersecurity skills gap, responding with educational incentives such as the Comprehensive National Cybersecurity Initiative (CNCI), which funds the expansion of information assurance and intelligence processing and analysis programs for federal intelligence, law enforcement and defense departments.

Homeland Security’s National Initiative for Cybersecurity Education (NICE) builds on the CNCI by partnering with educational institutions and corporate interests in order to advance cybersecurity through a network of public and private educational programs—again, for good reason.

The 2012 Information Technology Workforce Assessment for Cybersecurity (ITWAC), a collaboration between NICE and the Federal Chief Information Officer’s Council (CIO) that surveyed the state of cybersecurity in more than 50 federal departments, found that even information security specialties “with high levels of proficiency also have high percentages of the population indicating their need for training.”

Specialized ISS Certifications

Clearly, specialized ISS educational opportunities are paramount, and internet security professionals looking to leverage their earning power and close the cybersecurity skills gap should consider one or more of the following certificates:

  • Computing Technology Industry Association (CompTIA) Security+™
    • One of the most popular certifications available, the CompTIA Security+ credential indicates that certified ISS professionals can identify, preempt and respond to IT security risks. Credentialed employees therefore hold a variety of titles, including information assurance technician; security architect or engineer; security consultant; and security, network or systems administrator. Content covered in the certificate exam is equally varied, speaking to the wide variety of skills that industry professionals, as a whole, must master.
  • Computing Technology Industry Association (CompTIA) A+™
    • The CompTIA A+ credential requires two exams: CompTIA A+ 220-801, which addresses foundational competencies for the installation and configuration of PCs and laptops, and CompTIA A+ 220-802, which tests installation and configuration of mobile and PC operating systems.
  • Computing Technology Industry Association (CompTIA) Network+™
    • Ideal for installers and technicians, particularly those who aspire to the Apple Consultants Network or government employment, this credential specifically addresses network installation, configuration and technologies. CompTIA Network+ certificates also indicate mastery of media and topologies and network management.
  • Certified Information Systems Security Professional (CISSP®)
    • A powerful and universally recognized information systems security credential, the CISSP is governed by industry leader (ISC)²® and establishes competency in ten key domains, including:
      • software development security
      • security architecture and design
      • cryptography
      • operations security
      • business continuity and disaster recovery planning
      • physical security
      • access control
      • network security and telecommunications
      • legal, regulations, investigations and compliance
      • information security governance and risk management
    • To qualify for this credential, security professionals must have at least five years of experience in two of the ten domains. Certification indicates proficiency in all ten. However, (ISC)² offers an Associate’s designation to those security professionals with less than five years of experience who pass the CISSP exam. Once the requisite experience has been gained, Associates can seek official CISSP certification.
    • To maintain CISSP credentials, certificate holders must recertify every three years.
  • Systems Security Certified Practitioner (SSCP®)
    • Also offered by (ISC)², the SSCP is a slightly less rigorous version of the CISSP, open to professionals with just one year of relevant experience. The seven domains tested by the SSCP exam – cryptography, access control, malicious code and activity, security operations and administration, among others – overlap with those tested in the CISSP.
    • Likewise, candidates who want to enter the field but have no security-related professional experience can sit for the SSCP and receive the (ISC)² Associate credential once they’ve acquired the qualifying work history.
    • Recertification is required every three years, in addition to ten yearly continuing professional education (CPE) units. As with those Associates who pass the CISSP exam, SSCP certificate holders can acquire the more advanced designation once they have five years or more of relevant professional experience.
  • Certified Authorization Professional (CAP®)
    • Employees charged with implementing risk assessment protocols, establishing security requirements and maintaining documentation to ensure that an organization’s security systems adequately address existing and emerging risks are best served by the (ISC)² CAP credential.
    • The seven domains tested on the CAP exam align accordingly: security authorization of information systems, information systems categorization, security control application, security control assessments, security control monitoring, security control baselines and information systems authorization.
    • (ISC)² generally requires at least two years of experience in at least one of the seven tested domains to sit for the CAP exam. As with other (ISC)² certificates, CAP holders must recertify over a three-year cycle and obtain CPE units on an ongoing basis.
    • In addition to conveying professional expertise and boosting earnings potential, all (ISC)² certificates can connect holders with valuable industry resources, the most important of which may be peer-to-peer interactions and networking opportunities.
  • Certified Ethical Hacker (CEH)
    • The International Council of Certified E-Commerce Consultants, commonly known as the EC-Council, administers the vendor-neutral CEH to lawful hackers, who are key players in targeting security vulnerabilities and evaluating risk.
    • To qualify for the CEH exams, candidates must prove either two years of ISS experience or comparable education and training credits. Department of Defense (DoD) 8570, which is closely aligned with the CEH credential, addresses similar issues as applicable to the development and maintenance of a robust information assurance workforce.

Regardless of which advanced credential ISS security professionals choose, the benefits are many, from higher salaries to professional agility. Most importantly, however, ISS security employees who proactively seek advanced education have the opportunity to play a vital role in safeguarding our nation’s most valuable resource – information.


Allen Graves writes about technology and business process improvement on behalf of Villanova University’s 100% online degree and certificate programs.