The information security business isn’t short on qualifications and certifications, but does it have the right ones? And do organisations who employ infosec specialists even understand them?
Ian Glover, president of CREST, the not-for-profit organisation that provides standards and certifications in areas like penetration testing, believes that what the infosec industry needs is greater professionalism – and he thinks we’re heading in that direction. What’s required, he explains, is a set of professional qualifications that are universally recognised and to which people can aspire. And we also need more clear-cut and standardised developmental pathways, backed up by codes of conduct.
In this interview, we also touch on a number of initiatives with which CREST is involved. It is working with the IISP (Institute of Information Security Professionals) and Royal Holloway’s Information Security Group (ISG) to implement the CESG Certified Professional (CCP) scheme, which is designed to validate the competencies, knowledge and skills of information assurance professionals working for, or providing services to, government bodies.
CREST is also working closely with universities to help encourage and influence career choices through internships and its new CRESTx initiative. CRESTx provides academic partner universities with high-quality information and video material to run their own conferences, giving students the opportunity to access the most up-to-date ideas in cyber security and to showcase their own research.
In another initiative, CREST is working with e-skills UK to develop higher apprenticeships in cyber security. With only around 7% of information security professionals under the age of 29, there is a real need to attract more young talent into the industry. The apprenticeships will offer young people the opportunity to start their career and earn a salary at the same time as working towards globally-recognised qualifications.