Starting a career in IT Security

This article is a guide for those who are considering or starting a career in IT Security. It touches on the ways to pursue a career in IT Security and on why IT Security experts are in demand today. Our main goal is to help you discover your roadmap to reaching your career goal in this area, and to examine the most demanding IT security certifications necessary to improve your CISSP-based career.

There are two main reasons to consider a career in IT Security:
The first reason is demand. As the number of successful attacks increases, so does the need for qualified personnel to work in the field of IT security.
The second reason is salary. According to CW Jobs, the average salary for cyber security jobs is £72,500, which is above the average for other IT jobs.


Today, the rapid development of technology presents new opportunities for institutions, organizations, and individuals. This has been beneficial in many respects, but it has also brought a number of additional risks. IT Security has emerged to reduce the risks associated with new technology. As technology develops, the latest innovations generate large amounts of data. Consequently, institutions and organizations that try to adapt to new technologies produce much more data and more sophisticated programs. Most importantly, they operate in a very dangerous environment: the Internet. Therefore, organizations need IT Security professionals to ensure information security and to provide early warning of threats against them.

The increase in cyber attacks shows that cyber security matters not only to public and military institutions that keep state secrets; it is also crucial for companies and organizations of all sizes, such as banks, healthcare institutions, and wholesale and retail companies. When we look at the cyber attacks carried out today, we see that the main targeted institution is not the only one damaged. Other institutions that provide services to the targeted institution are harmed as well. The increasing number of attacks has highlighted the importance of cyber security in the public and private sectors and has created demand for qualified personnel. As a result, many countries have made efforts to train staff for employment in the cyber security sector.

There are many career opportunities in IT security. In this section we introduce the main job categories and describe the prerequisites, experience, and certificates each one calls for. The main job titles are divided into varying levels of expertise (junior, expert, and senior expert), each with its own structure. Applicants who want to start a career in IT security should be graduates of information technology, computer engineering, or a similar field. Nevertheless, this is not indispensable: although a relevant degree puts a person one step ahead at the beginning, it is not a prerequisite for becoming a professional in this area. If you have developed yourself in this area and obtained the required certificates, it won't matter which field you graduated in. You should be curious about the structure of information, have a way of thinking that is not afraid of breaking systems, and be open to learning.

Information Security Expert
Job description:
Design and test security configurations for systems and networks.
Protect systems against unauthorized access or modification.
Perform vulnerability analysis and tests.

Skills Required:
Detailed knowledge of TCP / IP, computer networks, routing and switching issues.
Detailed knowledge of Windows, Unix and Linux operating systems.
Knowledge of security technologies and processing formats (IDS / IPS, penetration testing, etc.)
Good knowledge of ISO 27001/27002, ITIL and COBIT frameworks.

Certifications:
Security+

Job experience:
For Beginner Level: 1-2 years
For Expert Level: 5+ years

Average Salary: £ 55,000

Information Security Analyst
Job description:
They utilise their work experiences to identify risks and threats
They track and display network traces for IT Security.
They analyse current threats using cyber security tools.
They conduct detailed investigations on security incidents.

Skills Required:
Good analytical skills
Strong written and verbal communication skills
Problem solving

Certifications:
CompTIA A+, Network+, and Security+

Job experience:

Training and experience acquired in an IT-related field.
5-9 years' experience in the relevant position.
Experience in taking quick action on traffic analysis.

Average Salary: £ 70,000

Information Security Auditor
Job description:
Plan and manage security audits.
Provide verbal and written audit reports.
Inspect all areas for security enhancement.

Skills Required:
Good organization skills
Strong communication skills
Good knowledge about operating systems.
Knowledge of security systems (firewall, IDS, etc.)


Job experience:

Graduation from departments of Computer Engineering, Information Systems Engineering, Management Information Systems, etc.
Preferably, 5 – 7 years' experience in the consulting firms known as the Big Four.
Knowledge of ISO 27001/27002, ITIL or COBIT frameworks.

Average Salary: £ 70,000

Information Security Engineer
Job description:
Produce new technological solutions.
Evaluate and analyse how new technologies will affect the institution’s safety program.
Configure security infrastructures.
Produce scripts.
Investigate security incidents.

Skills Required:
Good operating systems knowledge
Security systems (Firewall, IDS, etc.)
Secure coding skills
Knowledge of virtual technologies

Certifications:
GIAC certifications (GCIH, GCFE, and GCFA)
CCNP Security

Job experience:
Preferably, graduation from fields such as Computer Science or Computer Engineering.
At least 5 years of work in the IT field, plus at least 3 years' experience in the IT security field.
Sufficient knowledge of technologies such as routing, switching, IP addressing, DNS
Detailed knowledge of operating systems.

Average Salary: £ 62,000

Information Security Architect
Job description:
Plan, research and design powerful security architecture.
Create security requirements for local networks.
Approve and review the configuration of firewalls, VPNs, routers, etc.
Provide technical support to the security team.

Skills Required:
Detailed knowledge of operating systems.
Good knowledge of security technologies and modes of operation (IDS / IPS, penetration testing, etc.).
Apply IT strategies to institution’s architecture and network security architecture.

Job experience:

Preferably, graduation from fields such as Computer Science and Computer Engineering.
7+ years' experience in IT or IT Risk Management.
5+ years' experience with architectural solutions.
Team leadership experience is required.

Average Salary: £ 88,000

Information Security Manager
Job description:
Produce and manage strategies for the organization’s security program.
Define and manage the implementation of the institution’s security policies.
Distribute procedures such as auditing and forensic information.
Meet all regulatory requirements
Lead Security team

Skills Required:
Significant cyber security leadership
A broad range of cyber experience
Strong commercial awareness and business acumen
Strong interpersonal skills and experience of developing strong client relationships
Excellent communication skills
Knowledge of ISO 27001/27002, ITIL and COBIT frameworks


Job experience:
Preferably, graduation from fields such as Computer Science and Computer Engineering.
6+ years' experience in information security and control areas is expected.
Sufficient experience in information security applications is essential.
Team leadership experience is expected.

Average Salary: £ 95,000

IT Security Certification Programs
If you are considering a career in IT security, or have already started one, certifications will be a crucial part of your career. Certificates show that you have a certain level of proficiency in your area, and employers attach importance to certification when assessing candidate qualifications. There are many certification programs in the IT security field. This section covers the important and well-known ones. For each certificate, we touch on details such as the institution that issues it, the fee, the prerequisites, and the level.

CEH (Certified Ethical Hacker)
Prepared by: EC-Council
Level: Medium
About it: Measures your knowledge of the techniques, tools, and technologies that hackers use to attack systems and put them in danger.
Prerequisite: 2 years of experience in the field of information security, or CEH training from a related institution, is expected.

Licensed Penetration Tester (LPT)
Definition: A complementary certificate to CEH. Where the CEH certification covers theoretical knowledge about hacking tools, the LPT certification goes one step further and measures your knowledge and skills in analyzing the results of these tools and technologies.
Prepared by: EC-Council
Level: Specialist
Prerequisite: You must have 2+ years' experience in the pentest field.
Validity Period: 2 years

CHFI (Computer Hacking Forensic Investigator)
Definition: Measures knowledge of operating systems, forensics and reverse engineering.
Prepared by: EC-Council
Level: Specialist
Prerequisite: You must have 2+ years' experience in the pentest field.
Validity Period: 3 years

Certified Information Systems Security Professional (CISSP)
Definition: Measures information security program design and engineering skills, along with implementation and management ability.
Prepared by: ISC2
Level: Specialization
Prerequisite: 5 years of security experience, or 4 years of security experience plus a degree or an approved security certificate, is expected.
Validity Period: 3 years

Certified Information Systems Auditor (CISA)
Definition: A test that measures knowledge in the field of security and controls.
Prepared by: ISACA
Level: Specialist
Prerequisite: At least 5 years' experience in information security or information systems auditing.

GIAC Security Essentials (GSEC)
Definition: An introductory level of IT Security certification designed to demonstrate knowledge of IT security baselines.
Prepared by: GIAC
Level: Medium
Prerequisite: There are no prerequisites.
Validity Period: 4 years
