An information security expert will need skills in detecting threats and preventing attacks, knowledge of computer forensics and having the same skills as hackers. But this is just the beginning. Scientific and technological progress does not stand still, and each novelty gives more benefit to attackers than defenders. Hacking methods are constantly changing, and you need to keep track of the latest trends in criminology, emergency response and learn how to counterattack. Therefore, the candidate must have a wide range of skills in collecting, analyzing and applying a variety of information. On the other hand, information security is still a business, and risk management skills are included in the list of requirements. If you meet with an information security expert and hear from him the phrase: “It always worked before,” then expect that he will be fired soon. The alteration of the perimeter and the establishment of a network of accomplices in any case carry a huge share of the risk that must be assumed.
In this field of IT, higher education is of secondary importance.
CITC studies in the USA indicate that only 3% of companies require a master’s degree from candidates and only 1% may require a Ph.D., whereas for 76% of enterprises a bachelor’s degree is considered sufficient. Among the most popular specialties are computer science, mathematics and engineering. Obtaining a certificate in the CIS is mandatory only when applying to a Western firm, but the process of preparing and obtaining certificates introduces a person into the community of specialists, which greatly increases the chances of improving professional fitness.
A deep analysis of this profession creates the impression of complexity that an ordinary mind and character cannot overcome. In fact, the whole difficulty lies in its chronic novelty. The Internet gives a huge level of freedom: the absence of serious restrictions teaches you to lose, learn lessons and repeat this cycle until yesterday’s threat turns out to be today’s salvation.