A Career in Cybersecurity
Presented by Lionel Hackett, CEO & Co-Founder, WiseCrowd
2 November 2016, @WiseCrowdGlobal
About Me
Previous Experience
“The trusted online platform connecting businesses with freelance consultants in Governance, Risk & Compliance (GRC)”
Introduction - A Career in Cybersecurity
• Why? The Opportunity
• What? The Certifications
• How? The Career Boosters
ISACA’s new cybersecurity certifications
ISACA is an international professional association focused on IT Governance. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.
CSX Practitioner (CSXP)
• Demonstrates the ability to serve as a first responder to a cybersecurity incident following established procedures and defined processes. One certification and three training courses.
• This certification is a prerequisite for any of the five CSX Specialist certifications.
CSX Specialist (CSXS)
• Demonstrates effective skills and deep knowledge in one or more of the five areas based closely on the NIST Cybersecurity Framework: Identify, Detect, Protect, Respond and Recover.
• There is one certification and one training course for each of these five areas. Professionals can choose to attain one or more of the five.
• CSX Practitioner is a prerequisite for a CSX Specialist designation.
CSX Expert (CSXE)
• Demonstrates ability of a master/expert-level cybersecurity professional who can identify, analyse, respond to, and mitigate complex cybersecurity incidents.
• There is one training course and one certification at this level. No prerequisites are required.
ISACA Certifications
Certified Information Systems Auditor (CISA)
• Demonstrates audit skills and the ability to assess vulnerabilities, establish controls, and report on compliance within the enterprise.
• Minimum of five years of work experience in the fields of Information Systems Auditing, Control, Assurance or Security is a prerequisite.
Certified Information Security Manager (CISM)
• Demonstrates the ability to create a relationship between an information security program and broader business goals and objectives. Ensures knowledge of information security, as well as development and management of an information security program.
• Minimum of five years of work experience in the field of information security, with at least three years in the role of information security manager, is a prerequisite.
Certified in Risk and Information Systems Control (CRISC)
• Prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.
(ISC)² Cybersecurity Certifications
Systems Security Certified Practitioner (SSCP)
• Good option for IT managers who have built their technical skills and practical security know-how via hands-on roles.
• Offered by the International Information Systems Security Certification Consortium (ISC)².
• Minimum of one year of cumulative paid full-time work experience in one or more of the seven domains of the SSCP Common Body of Knowledge (CBK) is a prerequisite.
Certified Information Systems Security Professional (CISSP)
• (ISC)² certification for professionals who have extensive technical and managerial skills and experience.
• Demonstrates credibility and expertise to design, implement, and manage their own information security programs to protect their businesses from the rapid increase in sophisticated cyberattacks.
• Minimum of five years of paid full-time work experience in two of the eight domains of the CISSP CBK is a prerequisite.
GIAC Cybersecurity Certifications
Global Information Assurance Certification (GIAC) tests and validates the ability of practitioners in areas including security administration, forensics, management, audits, software security, and legal.
GIAC Security Essentials (GSEC)
• Demonstrates that candidates are qualified for hands-on IT systems roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.
GIAC Penetration Tester (GPEN)
• Demonstrates knowledge of penetration-testing methodologies, the legal issues surrounding penetration testing, and how to properly conduct a penetration test, as well as best-practice technical and non-technical techniques specific to conducting a penetration test.
EC-Council Cybersecurity Certifications
EC-Council is a member-based organisation that certifies individuals in various e-business and information security skills.
Certified Ethical Hacker (CEH)
• CEH is a comprehensive Ethical Hacking and Information Systems Security Auditing program, suitable for candidates who want to acquaint themselves with the latest security threats, advanced attack vectors, and practical real-time demonstrations of the latest hacking techniques, methodologies, tools, tricks, and security measures.
• Official training or at least two years of information security related experience is a prerequisite.
EC-Council Certified Security Analyst (ECSA)
• Advanced ethical hacking certification and a step ahead of a CEH. This certification helps analysts validate the analytical phase of ethical hacking by being able to analyse the outcome of hacking tools and technologies.
• Official training or at least two years of information security related experience is a prerequisite.
Career Boosters
• Certification and accreditation
• Continuing Professional Education (CPE)
• Attend events and conferences
• Mentoring
• Write articles or blog
• Maintain LinkedIn and Twitter profile
• Develop good relationships with recruiters
Conclusion
• Massive Opportunity
• Personally Challenging
• Constantly Evolving
• Exciting