Approximately 63,358 IT security professionals hold the CISSP certification in 134 countries.

The requirements to obtain a CISSP certification are:

• Must subscribe to the (ISC)² code of ethics.
• Must pass the CISSP exam.
• Must have five years (or 4 years with a college degree) of direct work experience in two or more of the ten test domains of the CISSP Common Body of Knowledge (CBK).
• Receive a recommendation by another (ISC)² certified professional in good standing.

The CISSP CBK is based on the CIA triangle of confidentiality, integrity and availability and attempts to balance the three across ten areas of interest, which are also called domains. The ten CBK domains are:

1. Access Control
2. Application Security
3. Business Continuity
4. Cryptography
5. Security Management
6. Legal Compliance
7. Operations Security
8. Physical Security
9. Security Architecture
10. 10. Telecommunications and Network Security

The exam lasts up to six hours, and includes 250 multiple-choice questions.  A passing score is 700 or greater.

The CISSP exam costs $450. Last minute registration costs another $100. In addition, an annual fee $85 is required.

Every three years recertification is required. In order to recertify you must retake the exam or earn 120 Continuing Professional Education (CPE) credits.

CPEs can be earned in several ways, including taking classes, attending conferences and seminars, teaching others, undertaking volunteer work, professional writing, etc., all in areas covered by the CBK.

Experienced CISSP certified information security professionals may earn advanced IT security certifications in specific areas.  The concentrations currently offered by (ISC)² are:

• (ISSAP), Information Systems Security Architecture Professional
• (ISSEP), Information Systems Security Engineering Professional
• (ISSMP), Information Systems Security Management Professional

Each concentration is accompanied by it own prerequisite exam.

So what can an IT security profession expect to get in return for obtaining a CISSP certification?  Several surveys of certification holders have reported an average salary of near or greater than $100,000 U.S. annually, making this one of the most lucrative IT security certifications.

The CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) and ISO (International Standards Organization) Standard.

Other computer security certifications offered by (ISC)² include:

• (CSSP), Certified Secure Software Lifecycle Professional
• (SSCP), Systems Security Certified Practitioner

Sources:

1.  http://en.wikipedia.org/wiki/Certified_Information_Systems_Security_Professional

2. http://certification.about.com/od/certifications/p/cissp.htm

3. http://www.cissp.com/index.asp

4. http://www.isc2.org/

It was developed in 2002 to address the rise of security issues. Currently and according to CompTIA, there are more than 45,000 people around the world who have earned this certification. [1]

CompTIA Security+ proves competency in system security, network infrastructure, access control and organizational security.  Major organizations that employ CompTIA Security+ certified staff includes Hewlett-Packard, IBM, Motorola, Symantec, Hitachi, Ricoh, Lockheed Martin, Unisys, Hilton Hotels Corp., General Mills, the U.S. Navy, Army, Air Force and Marines. [2]

It is recommended that candidates have two years of security‐related work experience and a working knowledge of TCP/IP (although not a requirement) and pass the 100-question multiple-choice exam.

The newest version of the CompTIA Security+ certification exam was launched in late 2008.  The 90-minute exam has requires a score of 750 on a scale of 100 to 900 in order to pass.

The test takers are expected to understand the following areas of expertise:

1. General Security Topics, which represents 30% of the exam.
2. Communication Security, which represents 20% of the exam.
3. Infrastructure Security, which represents 20% of the exam.
4. Basics of Cryptography, which represents 15% of the exam.
5. Operational and Organizational Security, representing 15% of the exam.

CompTIA certification exams are provided through Pearson VUE and Prometric. Visit their sites to find the closest testing center to you.  The test is offered in English and Spanish.

The cost for taking the CompTIA test is around $258 US dollars. [3]

Numerous preparation materials are available, including 365 Computer Security Training’s online course in Computer Security Basics **shameless plug**.  Practice exam questions are available from the site here.

The CompTIA Security+ examination is a foundation course level course that is useful for entry level IT security professionals looking for their first jobs.  A Security+ certification is beneficial to more than the IT security novice because the Security+ exam can be applied as an elective to the MCSA: Security and the MCSE: Security specializations from Microsoft.

The CompTIA, Computing Technology Industry Association, is an industry non-profit trade organization created in 1982.  With the mission of “Advancing the Global IT Industry”.

Unfortunately, in January 2010 these ANSI/ISO approved certifications, including the Security+ examination, had their conditions changed from lifetime certifications to certifications that will expire every three years. Current certificate holders will still have valid certification for life, but any new certifications earned after December 31st, 2010 will expire every three years. [4]

Sources:

1. http://www.comptia.org/certifications/listed/security.aspx

2. http://www.comptia.org/Libraries/Certification_Documents/Global_Certification_Prices.sflb.ashx

3. http://en.wikipedia.org/wiki/CompTIA

In addition to these technical skills, some soft skills are also important such as customer service skills, problem-solving skills, the ability to think clearly and logically through tough situations, deal with management and communicate clearly and effectively.

The job of an IT security professional is not at all a glamorous one as portrayed in movies. They work long tiring hours often with no reward except knowing that everything is working fine. No one praises them if a good job is done. On the other hand, if anything goes wrong, everyone is after their head! Such is the life of an IT security professional!

At the entry level, the job title that one would look for would be that of a security specialist or technician. They are responsible for applying security measures to servers after the main sys administrator has got them secured, maintaining anti-virus, patching servers and reviewing firewall logs. An associate degree in general computer or technology related field is usually enough. Certain certifications like Network+ and Security+ would be beneficial.

For the mid level, graduating in a computer or tech related field or having four years of engineering education or any related field is important. They should have some vendor-neutral certifications such as SSCP or the more technically focused ones like

• CISSP
• GCWN
• CISM

Or vendor specialist certifications like Red Hat or MCSE: Security.

At top is the level of the network security engineer. To be eligible for this level one must have five or more years of experience in computer network security at work and proper education.

What are your thoughts on what it takes to become a competent IT Security Professional?

Lesson One: InfoSec Fundamentals
What information security is, the current attack trends and basic vocabulary of security professionals.

Lesson Two: Attack and Defense
The basic attacks and basic defenses, cybercrime, security management, and corporate information systems defense.

Lesson Three: TCP/IP
The secrets of TCP/IP, structure of protocols, networks and the Internet.

In addition if you sign up for our full 25 lesson course you will be able to download audio, video, transcripts, definitions, and quizzes to test your understanding.