Minimum education requirements are needed for an IT security career
ICO says knowledge of data privacy should be part of national curriculum
If the IT security industry is going to be recognised as a profession, we must learn lessons from more established industries.
According to Ian Glover, chairman of Crest, the entry point for other professions is in the region of 2,500 hours regular and frequent experience coupled with pathway qualifications that demonstrate progress. He said that the IT security industry should look to provide the same level of entry into its industry.
Speaking to SC Magazine, Glover said that there needs to be a consistent definition of what the requirements are for entry into the profession, and clearly defined career paths for areas of specialism.
He said: “We need to understand that those entering the industry at a professional level need to have an understanding of all aspects of the industry and have a broad range of skills drawn from multiple disciplines.
“Most existing recognised qualifications provide an element of this, but do not go into sufficient detail to provide a level of confidence in the capability of the individual. They require the candidate to have undertaken a limited amount of face to face training and some individual research.
“In isolation they are useful but combined in a logical way can provide evidence of a good understanding of the subject areas and for those aspiring to enter they can provide a defined pathway."
He said that to make the IT security industry an attractive career choice, more specialist examinations designed to assess individuals' progression and pathways must be put in place to allow them to realise their potential.
“Other professions have qualifications that measure people at approximately 6,000 hours (three years regular and frequent experience) competent professional level and then at an expert level 10,000 hours (five years regular and frequent experience) to enter,” Glover said.
“These are the levels the Crest qualifications in penetration testing, intrusion analysis, malware reverse engineering and security architecture are aimed at and are viewed as being of real value to those who have them and an aspiration to those looking at these areas as a career.”
Glover also said that where people are entering the industry needs to be looked at, and they should be provided with support to enter and progress through the profession.
He said: “We need to understand what a relevant degree course provides in terms of knowledge and provide a pathway from graduation to their entry into the profession. Each degree is different and even within the same course students opt for different modules.
“If it is clear what the industry expects, graduates can understand what else they need to do following graduation to be considered as professional. We also need to provide greater opportunities for students and graduates to gain essential work experience through a greater provision of internships.
“For those that are looking to make a career change into the industry they need to be able to assess their existing skill set and have a personalised pathway that they can follow to meet the industry requirements.”
Glover said that for those entering the industry from schools and colleges, higher apprenticeship schemes can be derived based on the entry point to the profession, as this will provide a focal point for employers and apprentices. He said that this would also provide a framework for training providers allowing them to adapt existing material, and create new material where there are gaps to meet the industry requirements.
Asked who should be offering this, Glover said that there are training providers and certification bodies that are doing a good job in this area, but what is missing is a national framework and coordinated strategy for delivery.
He said: “Setting this up is the responsibility of industry and the professional bodies. Working together with a single clear purpose and common objectives will allow us to make real progress and to make us look as though we are a joined up industry willing to work collaboratively.
“This is the type of industry I would like to enter if I was a young person looking for an exciting career where I could progress and make a difference.”
This is an updated version of an earlier story