Security staff need business skills

IT security professionals must broaden their knowledge base, warn experts

Information security professionals are coming under increasing pressure to broaden their business knowledge, and the proliferation of competing certifications could be hindering career development, according to industry experts.

At a roundtable event hosted by IT security certification body ISC2, Iain Sutherland, founder of specialist recruitment agency Information Security Solutions, noted that companies are now demanding their IT security professionals have a broad knowledge of business practices as well as a good technical grounding.

"The only way to get this sort of person is to [hire] someone who has come up through the information security ranks but has found time to go and do an MBA," Sutherland argued. "IT security staff make up the highest proportion of [IT staff] taking MBAs, because firms are raising the bar all the time."

However, Paul Dorey, chief information security officer for BP, argued that IT security staff can be taught business skills without having to acquire an MBA, and said the newly formed Institute of Information Security Professionals (IISP), which he chairs, could play a role with its mentoring schemes and career development assistance.

"When graduates turn up to my company they don't have business judgement and we have to work hard to teach them," said Dorey. "The IISP [should be able] to help people achieve that level of business credibility."

But others raised concerns that the IISP would struggle to gain recognition in an already crowded marketplace, until it can prove its value to members.

"It's fine having a string of letters after your name but education is the most important thing [an organisation can offer]," said Chris Rodgerson, a student currently taking an MSc in Information Security. "I gave up my British Computer Society membership because I wasn't prepared to pay the annual fee just to receive a magazine."

Rodgerson added that the large number of certifications currently on offer makes it hard to decide which qualifications are required for certain jobs.

Sutherland said this situation is likely to continue, as employers tend to employ staff who have the same qualifications as them.