This time of year invariably brings us thoughts of New Year's resolutions. You may be thinking about what you can do to sharpen your security skills. Sure, you have advanced your skills over the last several years through experience and by achieving security certifications -- but what now? Are you adequately prepared to address the challenges of the future?
Don't think that our opponent, be it man-made or natural, will wait for you to become prepared. Now is the time to consider making the next step in advancing your learning quotient. To help meet this goal, here is a list of security-related certifications that can help add something new to your skills and abilities. These are not your standard Microsoft certifications, but that's the point: Unique skills and abilities can make a real difference in your marketability in today's challenging workplace. Let's take a look at what I am talking about here.
First up is the Project Management Professional (PMP). Project management can enhance your existing skill set, including security management skills. After all, it's about building skills to better lead, guide, organize, plan and control. The PMP Certification is offered by the Project Management Institute. The certification validates an individual's project-management skills. The PMP certification is gaining popularity and there are over 75,000 individuals certified in over 120 countries. Portions of the project-management body of knowledge (PMBOK) can be found in certified information systems security professional (CISSP) and certified information security auditor (CISA) exam materials.
Speaking of the CISA, let's look at it next. You may have heard the joke about how the Sarbanes-Oxley Act (SOX) is also know as the guaranteed auditor act of 2002. That's not really true, but it is a fact that the CISA program is sustaining real growth -- so much so that Certification magazine named it as one of the top ten best specialized certifications. More than 10,000 people registered to take the certification during 2004. The exam covers six areas: IS audit process, IT governance, systems and infrastructure lifecycle management, IT service delivery and support, protection of information assets and business continuity and disaster recovery.
Next up for your consideration is the Certified Business Continuity Professional (CBCP). This certification is offered by DRI International (DRII). The CBCP is the DRII's basic certification as a business-continuity and disaster-recovery planner. The certification covers ten domains that focus on the business continuity and disaster recovery. Money magazine reported that the demand for business-continuity professionals is up and that the average pay for a business-continuity director is about $118,000.
If you are looking for something even more exciting, you might be interested in the Certified Fraud Examiner (CFE). This certification demonstrates expertise in fraud prevention, detection, deterrence and investigation. The certification content covers four areas: Criminology & ethics, financial transactions, fraud investigation and the legal elements of fraud.
ISC2 also has specialties for those wanting something more than just their CISSP. These specialties include the ISSAP, which focuses on security architecture, the ISSEP, which concentrates on security engineering, and the ISSMP, which focuses on security management.
Well, that's the list. IT security remains a great field to be involved in as there are lots of options and opportunities to advance your career. I hope that some of the certifications I introduced have sparked your interest and encourage you to make a New Year's resolution to sharpen your security skills.
About the author
Michael Gregg has more than 15 years of experience in IT. Michael is the President of Superior Solutions, Inc., a Houston-based training and consulting firm. He is an expert on networking, security and Internet technologies. He holds two associates degrees, a bachelor's degree and a master's degree. He presently maintains the following certifications: MCSE, MCT, CTT, A+, N+, CNA, CCNA, CIW Security Analyst and TICSA.