More evidence points to value of security certification

for a year’s worth of reports) is available free online to illustrate the format of the report (most of the charts have been redacted to blanks).

Among the 201 specializations studied by Foote Partners, 34 certifications specifically involve security, auditing, forensics, or penetration testing. Founder David Foote, who also serves as Foote Partners’ CEO & Chief Research Officer, was quoted in a 31 December 2009 interview in a Bank Information Security podcast as saying that “Information security is the hot career option for professionals in 2010 and beyond.” He was also interviewed back in August 2009 by Carolyn Gibney of SearchSecurity and said much the same thing: “Foote says there’s reason for those in the security industry to be optimistic.”

The 5 January 2010 issue of the System Administration and Network Security (SANS) NewsBites started with the following assertion in an advertisement for the organization’s courses:

The hottest security skills employers are seeking for 2010:

  1. Red teaming/penetration testing (systems/networks and applications)
  2. Forensics
  3. Security essentials
  4. Reverse engineering malware
  5. Auditing networks and systems (hands-on testing)
  6. Intrusion detection
  7. Security management and leadership
  8. Securing virtual systems
  9. CISSP certification
  10. Plus: Effective presentation skills for security professionals.

This last point is important: in addition to technical skills, communications and management skills are valuable to IA professionals. Recently Paul Dorey, chairman of the Institute of Information Security Professionals in Britain, was quoted as follows:

We are entering a time when IT security people are going to have to move from being merely advisers to the business to real professionals whose views are listened to,” he said. As IT supports every aspect of life, security breaches become potentially life-threatening or disastrous for their organizations. Just as bridge designers and structural engineers work to common and consistent standards and are therefore respected, he said, so security professionals should command the same level of respect.


For that to happen, security professionals need to communicate effectively with a wide range of disciplines — including audit, risk assessment and compliance, IT and engineering. “They need to be like chameleons to fit into those disciplines,” he said. “You may not become an expert in them all, but you must at least don the facade. … Get some mentoring to help you understand them.”

Next week HSNW will publish a special report on homeland security education and certification. For more information, contact Cindy Whitman at 503.546.9977,