As more users and organizations use the cloud to store information, concerns are emerging about the data’s security as it travels across the Internet. Cloud-based file and program storage can significantly improve workflows and management capabilities, but users must feel confident that sensitive information will safe from hacking attempts.
Information assurance professionals work to provide that confidence, safeguarding user information against attackers and protecting the security and stability of clients who rely on cloud computing.
The U.S. Bureau of Labor Statistics (BLS) notes an expected growth rate of 18% for information security professionals from 2014 to 2024. This is significantly greater than the average for all other occupations surveyed by the BLS. It reflects the increasing demand for information security professionals as a means to defend against cyberattacks. Information security is crucial to both business and government security, and information security professionals are expected to have significant job opportunities as more organizations begin moving to cloud-based storage systems.
Information assurance is a relatively new field, and responsibilities of information security professionals continue to develop as cyber attacks become more prevalent. At its most basic, the role of an information security professional is to monitor the security status of an organization’s computer systems and develop increased protection against intrusion as necessary. This responsibility requires ongoing research into the latest hacking strategies in order to anticipate and prevent future security breaches.
Information security professionals are also responsible for developing an organization’s disaster-recovery plan to prepare for cases where hackers may successfully break into an organization’s systems. To do this, information security professionals work closely with other members of the IT department and with upper management to create the best system of protection and recovery possible.
Information security professionals usually work full time, and may be required to remain on call outside of normal working hours in the event of an unexpected security breach. They can work in the public and private sector, or be self-employed as consultants and business owners.
The BLS reported a median annual salary for information security professionals of $90,120 in May 2015. The lowest 10% of professionals in terms of wages reported earning less than $51,280, while the highest 10% reported earning more than $143,770. Employment prospects and salary ranges typically vary based on an individual’s work history, physical location and educational qualifications.
Education and Training
Aspiring information security professionals typically need a bachelor’s degree in a related field, such as computer science or programming. While some employers have looked for business degrees with a focus in information technology in the past, an increasing number of programs in information technology at the master’s level, such as the Master of Science in Information Technology (MSIT), may become the more common degree path for information security professionals.
Job seekers may encounter requests for various certifications such as the MCTS (Microsoft Certified Technology Specialist), the CISSP (Certified Information Systems Security Professional), the Security+, the CompTIA A+ or the PMP (Project Manager Professional) certifications. These options are available to those with multiple areas of interest in IT, with several different options pertaining to the information security areas relevant to an information assurance professional.
Information assurance job seekers may want to pursue certifications through the GIAC (Global Information Assurance Certification) program. GIAC is an information security certification that focuses specifically on the technical skills needed by practicing information assurance professionals.
GIAC certifications are available in a number of different areas, including eight that are recognized by Department of Defense Directive 8570 as suggested certifications for government information assurance professionals. Users can elect, for example, to gain certification in Security Essentials, Windows Security, Security Leadership or InfoSec Project Management. A complete list of GIAC certification options, including a roadmap for certification, is available on the GIAC website.
GIAC exams can be taken at different levels. The basic certification requires passing only a multiple-choice exam, while Gold-level status adds the requirement of a written technical report. The GIAC website recommends training courses in relevant areas before registering to take a test, as even experienced professionals may require some review to pass. Certifications are valid for four years, after which professionals must register to retake their exams in order to remain certified.
GIAC certifications stress to both current and future employers that the job seeker’s skills are highly developed and their personal initiative to excel in the industry is strong. In some cases, current certifications may be used to gauge upward mobility within a company, helping professionals reach their potential and boosting their career success.
Is a Career in Information Assurance Security Right for You?
The importance of information security to organizations is hard to overstate. Information security professionals work at the forefront of technology development, constantly assessing the degree to which their systems are protected. An exciting career prospect for those with interests in technology, computer systems or cybercrime, information security professionals enjoy high demand for their skills and an opportunity to provide a vital service to organizations ranging from small businesses to major corporations and government agencies.
If you enjoy the prospect of carefully analyzing hacking situations and computer systems and working with a team that safeguards an organization’s sensitive data, you may wish to consider a career as an information security professional.