Securing a Career Path in Cyber Security
Industry’s obligation to ensure that its systems are secure has never been more pressing, creating a very lucrative career path for qualified data security experts. Smarter IT professionals are cashing in on these growing opportunities by getting their technical skills certified and advancing up the corporate ranks. According to Gartner, a market research firm, spending on data security is expected to grow at nearly 8 percent this year. Companies are taking it seriously enough that the Chief Information Security Officer (CISO) has become an increasingly common presence at the top levels of many companies. A 2011 survey by PricewaterhouseCoopers found that 80 percent of businesses had a CISO or equivalent, and their level of compensation is on a par with other C-level management positions.
Demand for certified IT security staff, now viewed as heroic defenders of corporate livelihoods and business reputations, is vastly outstripping supply. So why have cyber security specialists with the right credentials become so revered that they are now breaking into the top levels of management?
We have come a long way from the time when the internet was only used to share information in science and academia, now it is a part of mainstream commerce with billions of dollars at stake. E-commerce in the United States is expected to account for $294 billion in 2014, nearly a tenth of all retail sales. However it was not so long ago that billions of dollars changing hands online seemed like a fanciful idea, a skepticism fueled by the idea of entrusting this mysterious new technology with our credit card details. Thieves can cause a lot of damage when they get hold of that information, and convincing the public to embrace a technology that they barely understand and allow it to carry their financial data has been a considerable achievement.
In addition to passing money around, consumers are also sharing more of their personal information with online companies in exchange for their “free” services. By getting their hands on their users’ personal preferences, companies like Facebook can then sell targeted advertising to help third parties reach their very specific target audiences. The loss of privacy is the price that the public has been willing to pay for the joys of social networking, and our willingness to trust these private entities with our family photographs is noteworthy.
Earning the public’s trust has been a critical ingredient to constructing the massive online business edifice that we now take for granted. However, trust is earned and subject to review. A series of data breaches has undermined that trust, damaging the reputations of numerous companies, even those that are held in relatively high esteem. In 2008, 2.5 million customers of Countrywide Financial, later acquired by Bank of America, were affected when their personal data, including social security numbers, were stolen, resulting in lawsuits that were settled by Bank of America for $56.5 million. In 2013, 70 million customers of Target, a major US retailer, were affected when their credit and debit card data were compromised, resulting in class action lawsuits against the firm. Numerous other high profile companies have been affected by data breaches, including one in September 2014 at Home Depot.
While consumers have become accustomed to the convenience of online retailing and it is unlikely that such data breaches will spell the death of e-commerce and a complete return to exclusive bricks-and-mortar business, data security has never been more important. The expense of settling lawsuits is inconvenient and can affect the bottom line in the short term, but the damage to a company’s reputation is longer lasting. Companies therefore have a considerable incentive to invest in putting verifiable procedures in place to keep customer data safe.
One such measure is certification of data security specialists. By hiring systems people who have respected and recognized credentials in cyber security, companies can keep their customers’ data safe and, just as importantly, they can be seen to do so. It may be one thing for a company to make a nebulous claim about how it only hires the brightest and best security experts, but the quality of such employees is a lot more measurable when they proudly claim to hire only professionals with specific qualifications such as the CompTIA Security+ certification.
For a data security professional with such a large responsibility, being on the receiving end of a cyber attack can be a stressful experience if one is ill-equipped with the latest knowledge in dealing with it. A certification like Security+ ensures that when the worst happens, one has enough knowledge to handle it competently and to maintain the reputation of a miracle worker.
The Security+ exam covers the foundation of how to secure a network and manage risk. Topics include access control, identity management and cryptography. Various mitigation and deterrent techniques to address network attacks and vulnerabilities are also covered, as are the security aspects of cloud computing, SCADA, and Bring Your Own Device (BYOD). The exam is updated every three years, and the CompTIA Continuing Education Program enables professionals to keep their certification current and their skills up to date in this rapidly changing field.
As demand for security professionals continues to soar, obtaining and keeping a qualification like Security+ is increasingly becoming a prerequisite for anyone wishing to carve out a career in such a lucrative and growing profession.