In this video, Marc Menninger describes key roles and functions performed by IT security consultants. Discover which skills and certifications IT security consultants are expected to have. Learn how many years of experience and other requirements you'll need to qualify for this high-demand IT security job.
- [Instructor] IT security consultants are highly experienced professionals who provide expert security advice and technical guidance to organizations. They can also be responsible for designing, testing, and implementing a wide variety of security solutions. In addition to IT security consultant common job titles include, information security consultant, computer security consultant, database security consultant, network security consultant, and cyber security consultant. When it comes to skills, IT security consultants need strong skills in security technologies such as firewalls, intrusion prevention systems, encryption technologies and more.
System and network administration skills on Unix and Windows platforms is a must. IT security consultants will apply their technical skills to determine the most effective way to protect computers, networks, software, data and information systems against any possible attacks. And like IT security auditors, consultants will often be required to perform vulnerability testing, risk analyses, and security assessments following industry standard analysis criteria.
But IT security consultants need skills beyond the obvious technical ones. A large part of an IT security consultant's job is interviewing staff and heads of departments to determine specific security issues. Therefore, strong interpersonal oral and written skills are required. IT security consultants will also deliver technical reports and formal papers on their test findings, as well as need to follow detailed project timelines, and milestones. That's why excellent organizational skills are also frequently desired by employers.
Almost every consultant role will require a bachelor's degree in a related field. This means in IT fields, such as a computer information systems degree. Other technical degrees may also be accepted. Many roles will require two to four years of business experience in IT security and prior consulting or professional services experience may also be preferred. In some cases, IT security consultants will lead a team of IT security specialists or technicians, so prior supervisory experience may be required.
And IT security consultants will need experience following ISO 27001/27002, ITIL, and COBIT frameworks and conducting PCI, HIPPA, NIST, GLBA, or SOX compliance assessments. Frequently desired certifications for IT security consultants include SANS GIAC certifications, OSCP, CSC, CPP, PSP, and CISSP. The IT security consultant job is ideal for security professionals with solid technical experience and strong people skills.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- The job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself