It was developed in 2002 to address the rise of security issues. Currently and according to CompTIA, there are more than 45,000 people around the world who have earned this certification. [1]

CompTIA Security+ proves competency in system security, network infrastructure, access control and organizational security.  Major organizations that employ CompTIA Security+ certified staff includes Hewlett-Packard, IBM, Motorola, Symantec, Hitachi, Ricoh, Lockheed Martin, Unisys, Hilton Hotels Corp., General Mills, the U.S. Navy, Army, Air Force and Marines. [2]

It is recommended that candidates have two years of security‐related work experience and a working knowledge of TCP/IP (although not a requirement) and pass the 100-question multiple-choice exam.

The newest version of the CompTIA Security+ certification exam was launched in late 2008.  The 90-minute exam has requires a score of 750 on a scale of 100 to 900 in order to pass.

The test takers are expected to understand the following areas of expertise:

1. General Security Topics, which represents 30% of the exam.
2. Communication Security, which represents 20% of the exam.
3. Infrastructure Security, which represents 20% of the exam.
4. Basics of Cryptography, which represents 15% of the exam.
5. Operational and Organizational Security, representing 15% of the exam.

CompTIA certification exams are provided through Pearson VUE and Prometric. Visit their sites to find the closest testing center to you.  The test is offered in English and Spanish.

The cost for taking the CompTIA test is around $258 US dollars. [3]

Numerous preparation materials are available, including 365 Computer Security Training’s online course in Computer Security Basics **shameless plug**.  Practice exam questions are available from the site here.

The CompTIA Security+ examination is a foundation course level course that is useful for entry level IT security professionals looking for their first jobs.  A Security+ certification is beneficial to more than the IT security novice because the Security+ exam can be applied as an elective to the MCSA: Security and the MCSE: Security specializations from Microsoft.

The CompTIA, Computing Technology Industry Association, is an industry non-profit trade organization created in 1982.  With the mission of “Advancing the Global IT Industry”.

Unfortunately, in January 2010 these ANSI/ISO approved certifications, including the Security+ examination, had their conditions changed from lifetime certifications to certifications that will expire every three years. Current certificate holders will still have valid certification for life, but any new certifications earned after December 31st, 2010 will expire every three years. [4]

Sources:

1. http://www.comptia.org/certifications/listed/security.aspx

2. http://www.comptia.org/Libraries/Certification_Documents/Global_Certification_Prices.sflb.ashx

3. http://en.wikipedia.org/wiki/CompTIA

On average, every 39 seconds your computer is on the Internet it is being scanned for vulnerabilities by intruders looking for a weakness or a hole in order to get into you system or network.

Today’s IT security personnel cannot expect to get on the job training but instead must come possessing security knowledge and skills. For instance, the Department of Defense (DoD) Directive 8570 requires that ALL information assurance professionals including contractors be certified by the end of 2010.

We have compiled a list of some careers in Computer Network Security.  The number of information security professionals worldwide is expected to grow 10% annually, up to 2.7 million in 2012 from 1.6 million in 2007. And it is unwise to outsource.

1. Information security crime investigator/forensics expert

2. System, network and/or Web penetration tester

3. Forensics analyst

4. Incident response, incident handler

5. Security architect

6. Vulnerability researcher

7. Network security engineer

8. Security analyst

9. Sworn law enforcement officer specializing in information security crime

10. CISO/ISO or director of security

11. Application penetration tester

12. Security operations center analyst

13. Prosecutor specializing in information security crime

14. Technical director and deputy CISO

15. Firewall/IPS administrator

16. Security evangelist

17. Vulnerability assessment analyst

18. Security auditor

19. Security assessment consultant

20. Technical security teacher

21. Security savvy software developer

22. Security maven in the application developer organization

23. Disaster recovery/business continuity analyst/manager

Sources:

1. http://www.isaca.org/Template.cfm?Section=home&Template=/ContentManagement/ContentDisplay.cfm&ContentID=26514
2. http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
3. Network Security Fundamentals, By M. Ciampa, 2009, Cengage Learning
4. http://gcn.com/Articles/2008/10/24/The-coolest-IT-security-jobs.aspx?Page=1, The coolest IT Security Jobs, by Wyatt Kash, Oct. 24 2008, Government Computer News.

So what are the employment prospects in Information Technology Security? We have researched the average salary and job growth rates for some common jobs in computer security.

Our report focuses on the average salaries and growth rates in the United States due to the availability of data.  We would love to hear about the IT security salaries and job prospects around the world, so leave a comment.

The jobs we have profiled are:

• Chief Information Security Officer
• Security Manager
• Security Administrator
• Security Technician
• Penetration Tester
• Security Architect
• Network Security Engineer

1. Chief Information Security Officer (CISO)

Job Description:  Reports directly to top level management.  Responsibilities include the assessment, management, and implementation of security.

Average Salary US² : $140,000

Job Growth US⁴ : -5%

2. Security Manager

Job Description:  Reports to CISO and supervises technician, administrators, and staff.  Responsibilities include understanding and implementing programs of CISO.  Requirements include an understanding of configuration and operation of systems.

Average Salary US³ : $89,000

Job Growth US⁶: -10%

3. Security Administrator

Job Description: Operates between security manager and security technicians.  Responsibilities include managing day-to-day operations of security technology.  Also may analyze and design specific security solutions with end user in mind.

Average Salary US² : $64,000

Job Growth US⁵ : 18%

4. Security Technician

Job Description: Generally this is an entry-level position.  Responsibilities include providing technical support and trouble-shooting problems. Also, installs and configures software and hardware.

Average Salary US² : $40,000

Job Growth US⁶ : -5%

5. System, network, and/or web penetration tester (Certified Ethical Hacker)

Job Description: Characterized as an ethical hacker or cracker.  Responsibilities include understanding how systems can be penetrated and misused.

Average Salary US³ : $70,000

Job Growth US : 10%

6. Security Architect

Job Description: Works with all technology experts in the organization.  Responsibilities include designing the overall enterprise level security solution.

Average Salary US⁴ : $97,000

Job Growth US⁵ : 21%

7. Network Security Engineer

Job Description: A network security engineer reports to the security manager.  Responsibilities include developing, maintain, and troubleshoot various information technology security systems.  Analyzes log files, configures IT security software/hardware, and prepares security statistical reports.

Average Salary US⁶ : $85,000

Job Growth US⁶ : -6%

Sources

1. http://itmanagement.earthweb.com/career/article.php/3857676, Where Will the IT Jobs be in 2010?

2. Security + Guide to Network Security and Fundamentals, Third Edition, M. Ciampa

3. www.payscale.com

4. www.odinjobs.com

5. Department of Labor, www.bls.gov

6. www.indeed.com

In addition to these technical skills, some soft skills are also important such as customer service skills, problem-solving skills, the ability to think clearly and logically through tough situations, deal with management and communicate clearly and effectively.

The job of an IT security professional is not at all a glamorous one as portrayed in movies. They work long tiring hours often with no reward except knowing that everything is working fine. No one praises them if a good job is done. On the other hand, if anything goes wrong, everyone is after their head! Such is the life of an IT security professional!

At the entry level, the job title that one would look for would be that of a security specialist or technician. They are responsible for applying security measures to servers after the main sys administrator has got them secured, maintaining anti-virus, patching servers and reviewing firewall logs. An associate degree in general computer or technology related field is usually enough. Certain certifications like Network+ and Security+ would be beneficial.

For the mid level, graduating in a computer or tech related field or having four years of engineering education or any related field is important. They should have some vendor-neutral certifications such as SSCP or the more technically focused ones like

• CISSP
• GCWN
• CISM

Or vendor specialist certifications like Red Hat or MCSE: Security.

At top is the level of the network security engineer. To be eligible for this level one must have five or more years of experience in computer network security at work and proper education.

What are your thoughts on what it takes to become a competent IT Security Professional?