How to Get Into Information Security

If you are asking yourself "how do I get started in information security?", then you've taken your first step on the path to a career in one of the hottest fields. By 2020, it's predicted that there will be a shortfall of 1.5 million infosecurity employees.*

The most important move you can make when beginning a career in information security is to get certified. There are many certifications to choose from, and you should always consider the accrediting organization carefully. Look for organizations that not only offer quality certifications and top-notch training, but also have long-standing reputations as industry leaders.

Entry-Level Certification

The Systems Security Certified Practitioner (SSCP) certification from (ISC)² is one of the most well-regarded information security certifications in the industry. (ISC)² has been certifying information security professionals for nearly 3 decades, and its certifications have become the industry-leading credentials. So when you earn the SSCP credential from (ISC)², you'll have proven that you have the knowledge and skills you need to start a prosperous career.

How SSCP Certification Helps the Professional

  • Demonstrates proven technical ability gained through hands-on operational experience or technical roles
  • Confirms breadth and depth of hands-on technical knowledge expected by employers, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more
  • Bolsters career standing and offers a differentiator, with enhanced credibility and marketability for desirable opportunities
  • Indicates commitment to the field and ongoing relevancy through continuing professional education and understanding of the most current best practices
  • As a member of (ISC)², provides access to valuable career resources, such as networking and ideas exchange with peers

How SSCP Certification Helps the Enterprise

  • Strengthens security posture with qualified practitioners who have proven hands-on technical ability to competently handle day-to-day responsibilities to secure the organization’s data
  • Increases organizational understanding and implementation of best practices, as indicated by the (ISC)² CBK, the premier resource for information security professionals worldwide
  • Improves information security coherence across the organization with practitioners that speak the same language across disciplines and have cross-department perspective
  • Increases organizational integrity in the eyes of clients and other stakeholders
  • Enables access to a network of global industry and subject matter/domain experts
  • Satisfies certification mandate requirements for service providers and subcontractors
  • Ensures practitioners stay current on emerging and changing technologies, and security issues related to these technologies through the continuing professional education requirements 

The SSCP certification will help you get better employment opportunities and a higher salary. According to Certification Magazine's 2016 Salary Survey, the average annual salary for an SSCP is $93,240. All you need to earn your SSCP certification is 1 year of field experience in 1 of the following domains:

  • Access Controls
  • Security Operations and Administration
  • Monitoring and Analysis
  • Risk, Response and Recovery
  • Cryptography
  • Networks and Communications
  • Malicious Code and Activity

If you don't have this experience, you don't need to worry. You can still sit for the exam, and if you pass, you will have 2 years to meet the 1-year requirement with (ISC)²'s Associate Program. There are many training options to learn the SSCP CBK to ensure you are confident before you take the exam. You can learn more about these options here.

Advancing Your Career

From graduation to retirement, (ISC)²'s got your back. After you earn your SSCP certification, you may want to advance your career beyond the technical aspects of information security and get into a managerial position. If this is your future goal, then look to the Certified Information Systems Security Professional (CISSP) certification. CISSPs are key decision makers who develop policies, standards, and procedures and manage their overall implementation across the enterprise. Furthermore, a CISSP can hone their expertise in the specialized areas of Architecture, Engineering and/or Management by obtaining a CISSP Concentration. To earn the CISSP credential, you must have five years of experience in 2 or more of the CISSP CBK domains; however, the SSCP provides a 1-year waiver for the CISSP.


*Source: 2015 (ISC)² Global Information Security Workforce Study