InfoSec Qualifications and career paths

Information security education and certification options

When it comes to InfoSec, as with most things, you have three main options for education and certification:

  • Traditional higher education options
  • Professional / industry certifications
  • Online learning pathways and certs


Traditional higher education options

There are an increasing number of higher education options you can choose from when it comes to information security and cyber security. It can be a bit daunting trying to comb through the full list of college and university courses on offer but this tried and tested method is still arguably the most commonly expected form of education/certification (particularly for those just starting out in their professional careers with little to no job history). As such, we’ve compiled this short list of tips that should hopefully make your selection more manageable and help you get the most out of whichever degree you choose:

  1. Before worrying about anything else read the modules / curriculum for the courses you have found. No two courses are the same and you will cut out a lot this way. It’s also crucial that you choose a course that actually delivers what you are passionate about.
  2. Another great way to shortlist the courses available to you is by their standing in the security industry. If you can find information security courses backed by a national agency or industry powerhouse you’ll be hard pressed to find courses that will give you more bang for your buck on a CV. In the UK for example, the NCSC has a list of certified higher education providers and their courses for different security specalisms. Checking here can help you ensure the courses you are looking at don’t just sound good on paper but have actually been verfified by the NCSC.
  3. Finally, we advise deciding on what ‘type’ of security education you want. There are colleges and universities with tried and tested educational methods / frameworks but your education might be more ‘bookish’ and then there are colleges and universities with less established courses but are known for being at the cutting edge of technology and research. This might result in a more hands on education with more up to date tools and techniques. This could potentially prepare you for the workplace better but may not have as much reputational weight as other courses / institutions. There are pro’s and con’s for both. To help you make your decision you can use ranking sites such as this.


Professional / industry certifications

When it comes to information security its reasonably common for professionals with established careers to retrain and/or move laterally within the company from another technical role into InfoSec. In such cases going back to traditional higher education can not only seem like a significant investment, but also may not actually be needed. For example, many specialists in areas such as web development, IT, compliance and auditing decide later on in their career to move into information security. In such cases their career experience can be very useful and these professionals may just decide to simply get an infosec certification to validate their industry knowledge. These certifications are also very good for all informtion security and cyber security profesisonals to further validate their industry knowledge / expertise. There are many security certs these days but these are just some of the more well known ones:

IBITGQ qualifications currently include:

  • Certified ISMS Foundation (CIS F)
  • Certified ISMS Lead Implementer (CIS LI)
  • Certified ISMS Risk Management (CIS RM)
  • Certified ISMS Lead Auditor (CIS LA)
  • Certified BCMS Foundation (CBC F)
  • Certified BCMS Lead Implementer (CBC LI)
  • Certified BCMS Lead Auditor (CBC LA)
  • Certified in IT Governance Principles (CITGP)

(ISC)² – International Information Systems Security Certification Consortium

The six key (ISC)² qualifications are:

  • CISSP – Certified Information Systems Security Professional.
  • CISSP Concentrations (x3):
    • ISSAP – Information Systems Security Architecture Professional
    • ISSEP – Information Systems Security Engineering Professional
    • ISSMP- Information Systems Security Management Professional
  • CAP – Certification and Accreditation Professional 
  • SSCP – Systems Security Certified Practitioner

BCS – British Computer Society

The key BCS Professional Certification qualifications include:

  • Certificate in Information Security Management Principles (CISMP)
  • Certificate in Freedom of Information
  • Certificate in Information Assurance Auditing
  • Certificate in Information Assurance Compliance
  • Certificate in Information Systems Security Management
  • Certificate in Security and Information Risk Consultancy
  • Certificate in Security Architecture

Online learning pathways and certs

What do you do if you’re not ready to take an industry certification and you can’t comit to a formal higher education course for whatever the reason? There are a multitude of online learning courses available and, while they’re still not seen in the same light as formal higher educational qualifications there is no denying their popularity, vastly improved quality, and high success rate in helping their students land their dream jobs.

If online learning seems like the right option for you then, just like with more traditional higher education, you need to look at the industry reputation of the provider, the course content, and the type of learning. For example:

Cybrary – Is considered to be the world’s largest provider of online information security and cyber security courses. Not only has video learning but assessments and virtual labs where you can practice what you have learned. Provides official certification as an option. And is well known amongst a growing number of employers and has an impressive success rate when it comes to students going on to land jobs in infosec and cyber security roles.

Other online providers include:

  • The Open University
  • SANS Cyber Aces Training
  • Udemy
  • Coursera
  • Edx.org