Amar Singh, CEO and founder of Cyber Management Alliance, sat down with Adrian Davis, Managing Director EMEA at (ISC)2 and discussed the cyber security industry today, how they are changing the way graduates are being taught IT-related and computer science degrees, and his Top Tips for a career in cyber security.
Adrian started his career as a chemist, a research scientist with the MoD, but he did little as a chemist. Instead he learnt a whole range of other skills that would eventually lead to his current role. He had a thirst for learning, a desire to gather as much knowledge as he could and apply it to his different roles, and he believes that it this wanting to learn that is important in any career, not just a cyber security.
Is there a particular qualification on which to focus?
Not necessarily. Adrian admits that (ISC)2’s qualifications are not for everybody; not everyone that works in Information Security needs a CISSP certification, or a CISM, or a CISE. Each qualification fulfills are particular aspect of the industry, and indicates different levels of achievement and knowledge.
However, for those wanting an (ISC)2 qualification, there are two main certifications. The first is CISSP; that’s the certification that everyone recognises and is the benchmark worldwide. To sit the exam, you need to have a minimum of five years’ experience, or four years’ together with a recognised college/university degree. But it’s not a book-learning exam. Adrian explains that you need to have experience because much of the exam questions are related to what experience you have gained.
An great entry level qualification at (ISC)2 is there SSCP (Systems Security Certified Practitioner) certification which is aimed at the wider IT community, i.e. system administrators, user access people. A year’s experience is needed and the exam is based around a broader general knowledge of information and cyber security.
(ISC)2 have recently introduced the HCISPP (Healthcare Information Security & Privacy Practitioner). In healthcare, there is huge amounts of sensitive data, data that requires high integrity so this qualification is aimed at people working the medical profession, the non-information security security people; all those that have access to sensitive information and rely on IT, helping them to become a knowledgeable cyber competent.
Adrian believes in qualifications; they can make you stand out from the crowd, they you’re your commitment to furthering your education, your profession and your career. But it’s not for everybody.
What about the EPQ?
Adrian explains that the EPQ – Extended Project Qualification – is sponsored by City and Guilds. (ISC)2 worked with Cyber Security Challenge and other organisations to develop a vocational qualification, which is what EPQ is. It covers a wide range of industries including cyber security and is project-based. So, a student selects a topic/industry and follows the project rules. The project must have four parts:
- An introduction to what you are going to do, what the project is about.
- A plan on how you are going to approach the project, your method.
- Evidence of research. Explain the nature of the problem, the tools you have used, and how you are going to try and solve it.
- Must show the results of your work, and write up the conclusions.
An EPQ is worth 70 UCAS points but it’s more than that, explains Adrian. Not only can the qualification be used later on as part of CISSP, as it’s a practical experience, but it is also a good way to differentiate yourself from others, showing what you are capable of in terms of learning, practical experience, good analytical and written communication skills, and it is something you can show your employer.
Adrian’s Top Tips
- Don’t think you can do it on your own. Yes, Adrian agrees that you should have the CBK, but don’t read it! Use is as a reference book. It has all the facts and algorithms you will need.
- Don’t learn passively. Reading the books, going to a firebrand boot camp or doing the live online courses isn’t going to give you the depth of knowledge you need. Don’t just sit there and think your brain will soak it up, it’s too much information and you will not remember it all. It’s important to learn actively so write things out, get people to test you.
- Find a mentor. Find somebody that’s already done it. Go to a Regional Chapter or similar; certain chapters run study evenings that can help your understanding, and allow you to ask questions.