New IISP graduate scheme could help to create a professional network of infosec experts

Opinion by William Beer

ISP's graduate scheme could help kick-start careers, in an era where IT and business are ever more closely knit.

IISP's graduate scheme could help kick-start careers, in an era where IT and business are ever more closely knit.

There is concern within the information security community that we will soon be facing a severe shortage of talented industry professionals, which will cause organisations to fall behind with their security initiatives.

PricewaterhouseCoopers' recent Global State of Information Security Survey 2010 provided further evidence that across industries, executive recognition of security's strategic value is now more closely aligned with the business than with IT. Three years ago, companies still viewed the information security function principally as a technology cost centre.

Tellingly, this year's survey results show that the single most common reporting channel for chief information security officers (or equivalent information security executive) is to the CEO rather than the chief information officer. In fact, since 2007, the number of respondents reporting in this way to CIO rather than CEO has declined very significantly – by 39 per cent.

These results demonstrate that information security is being taken more seriously by the business than ever and mean that the skills of industry professionals have to be of a standard to meet this requirement.

In response to these challenges, a working group within the Institute of Information Security Professionals (IISP) has just launched a scheme to help kick-start the career of those interested in information security, as well as those who may never have considered it as a legitimate career path.

The objective of the new IISP scheme, the Graduate Development Programme, is to support professional development in line with the IISP skills framework, accelerate growth and provide a much-needed professional network. The IISP skills framework is becoming a recognised standard across the industry, both in the private and public sectors, meaning that skills learned are transferable across various different markets.

Unlike other professions, such as chartered accountancy, where new joiners embark on a rigorous training scheme to attain the Associate Chartered Accountant (ACA) qualification, information security professionals are not benchmarked in the same way.

Instead, what commonly happens in our profession is that it becomes a default career for people who may have a flair for or experience in IT. But this is missing the mark in creating concrete interest around an exciting profession and attracting the best talent while driving forward professionalism.

Once on the scheme, the delegate's development plan is agreed at the outset with their employer, and their experience and training are recorded, in line with IISP requirements.

Entrants on the IISP programme attend regular working sessions with colleagues and peers across the security industry, which provides a fantastic networking opportunity with other security professionals from day one.

Those following the programme will be eligible to apply for and be interviewed to achieve associate-level membership of the institute (A Inst ISP) after about two years, in what the institute plans will become a genuine competitive advantage for professionals seeking to establish their skills and value, either within their existing organisation or on the current job market.

Information security professionals from top firms populate the working group and large corporates lend their support. Key members are its chair, Martin Tyley of KPMG, Ian Benson of Deloitte, Edwin Aldridge of Standard Chartered, John Amer of BT and IISP's COO, Triona Tierney. Corporate supporters include Sapphire Consulting, Bank of America and Ascentor.

With support of this calibre, we think that accreditations such as this are destined to become a prominent feature in the future information security job market and will help to raise the level of professionalism in the information security industry.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events