The Most in-Demand Skills

Security professionals should look to increase their skills in several areas:

Experience-based certifications - such as ISACA's CISM and CISA certifications. These certifications are usually valued more highly by hiring organizations because they provide an assurance that the holder has extensive experience in their field. Other certifications based on simply passing a test to demonstrate specific knowledge will be in less demand. Companies want to know that candidates can do the job, not pass a test.

Business skills - One of the greatest challenges in information security is alignment with business objectives. Companies are increasingly demanding that information security professionals understand financial, legal and regulatory, organizational and people issues.

Core security skills - Too many information security practitioners are engineers and technicians who "just fall into security" and do not have "core security skills" such as the ability to perform threat and risk assessments, assess control system effectiveness or deal with the legal issues involved in incident response activities.

Converged security skills - Many organizations are beginning to understand that having separate risk management functions is wasteful, and executives who are demanding a greater return on their security investments are looking for ways to consolidate various corporate risk functions. This is not simply creating a CSO position to oversee both IT and physical security but is the convergence of IT, physical, legal, financial, audit, HR and regulatory risk functions. Security professionals who at least understand the basics of risk management in these other areas will be of greater value to organizations.

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.
