• Homepage
• Prepare for Work
  • » Cisco Learning Partners
  • » Webinars
  • » How to Survive the Recession
  • » Job profiles
    • » Inside Sales Channel Account Manager
    • » Inside Sales Account Manager
    • » IT Support Technician
    • » Systems Engineer II
    • » Systems Engineer Manager
    • » Systems Engineer I
    • » Account Manager
    • » Data Centre Specialist
    • » IT Security
    • » Network Engineer
    • » Sales Manager
• Know the Industry
  • » IT in Focus
    • » Borderless Networks
    • » Anti-Spam
    • » Encrypted Email
    • » Packet Tracer 5.0
    • » Going Greener
    • » Product Testing
    • » New Threats
    • » Mobility
    • » Telepresence
    • » Internet Protocol Version 6:
    • » The Home Connection
  • » Webinars
  • » Women in IT
    • » Profile: Vimala Veerappan
    • » Cisco Lycéennes Bureaux
    • » Whats The Big Deal?
    • » Girls Get Networking
• Listen to the Experts
  • » Webinars
  • » My Week at Work
    • » Customer Support Engineer
    • » Systems Engineer
    • » Development Team Manager
    • » Senior Technical Consultant
    • » Principal Support Engineer
    • » Senior IT Project Manager
    • » Snr Quality Assurance Tester
    • » Associate Technical Manager
    • » Web Experience Manager
    • » Software Architect
    • » Call Centre Team Leader
  • » What is my job
    • » Former Head of NASA
    • » Chief Technical Officer
    • » Global Head BT
    • » YAHOO founder
    • » Head of Research
    • » Managing Director
    • » Founder and Chairman
• Work for Cisco/Partners
• Job Search
  • » Register
  • » We are Recruiting!
    • » nscglobal
    • » Total Jobs
    • » aap3
    • » Panduit
    • » Dimension Data
    • » StepStone
    • » CommScope
    • » Randstad
  • » Recruitment Agencies
  • » I Got a Job
    • » Latin America
      • » Daniel Mendez Chavez
      • » Maria Del Pilar Muñoz
    • » Europe
      • » Claudio Sarto
      • » Daniel Falemo
      • » Concepción Díaz
      • » George Kosnetzof
      • » David Konopek
      • » Dominik Krummenacher
      • » Nir Bar Natan
      • » Ana Dankman
      • » Dawn Breen
      • » Serena Ramovecchi
      • » Martina Marganingsih
      • » Béatrice Rollin
      • » Gordon McCallum
      • » Yann Jouanin
      • » Stefan Angerer
      • » Olga Torstensson
      • » Michele La Rosa
      • » Jorma Heikkinen
      • » Jeroen Wittock
      • » Guillem Vega
      • » Bapi Lagardo
      • » Roger Young
      • » Christophe Fauveau
      • » Figen Ehliz
      • » Chintan Ranchhod
    • » Central and Eastern Europe
      • » Agata Sledzinska
      • » Luděk Veselý
      • » Pavel Stefanov
      • » Mariya Andonova
      • » Kristina Angelova
      • » Yasen Spasov
      • » Cristian Mateiescu
      • » Selim Kolgec
      • » Teodora Spasova
    • » Russia
      • » Alexander Biryukov
    • » Middle East
      • » Nada Al-Ameri
      • » Mohammad Al-Kady
      • » Saïda Aït Mamma
      • » Nevin Mohamed Moheb
      • » Loay Abdulaziz Alayadhi
    • » Africa
      • » Elizabeth Ndegwa
      • » Stephen Ondiek
      • » Ernest Wambari
      • » Kerry-Lynn Thomson
      • » Alfonse Moses Opira
  • » Find Candidates

IT security coordinators, sometimes known as information security analysts, plan and implement security measures to protect clients' information and data from unauthorised access, deliberate attack, theft and corruption. They also put in place controls to allow secure transfer of files and data across computer networks like the internet.

Security coordinators deal with a range of threats to electronic information, which can include:

• hacking
• viruses, worms, spyware and Trojans
• denial of service attacks (overloading servers with useless data to bring them to a standstill)
• social engineering - "phishing" (luring users into passing confidential details to fake websites) and "pharming" (redirecting users to spoof websites by hijacking genuine web addresses)
• abuse of permissions by authorised system users.

Security coordinators use a number of different methods to combat threats and fix breaches. Their work varies depending on the nature of their job and their level of responsibility, but typically involves:

• assessing system and application risk, and developing plans to minimise potential threats
• designing new security systems or upgrading existing ones
• testing and evaluating security products
• contingency planning for disaster recovery in the event of security breaches
• simulating breaches to test procedures (known as penetration testing)
• investigating actual breaches and executing corrective actions
• reviewing security systems to test for weak points (known as vulnerability scanning)
• making sure procedures comply with national and international network security standards
• preparing reports and technical documentation
• supervising and training staff
• contributing to the company's overall security development strategy.

[ back to top ]

IT security coordinators normally work 35 to 40 hours a week, but may be on a call-out rota to deal with problems that occur outside office hours.

As a security coordinator, your work will normally be office-based. If you work for a consultancy or are self-employed, you will need to travel to clients' premises.

[ back to top ]

As an IT security coordinator, you need:

• an excellent knowledge of IT security systems, tools and procedures
• excellent communication skills
• strong analytical skills
• good project management skills
• the ability to interpret and evaluate data accurately
• an understanding of confidentiality issues
• a commitment to keep up to date with emerging security threats, technologies and trends
• an awareness of commercial risks and issues
• the ability to work under pressure and to deadlines
• a proactive approach and the ability to take responsibility
• a knowledge of information security standards and legislation.

[ back to top ]

You can get into this job by taking formal qualifications at degree level or higher, or by acquiring skills through workplace training. For both routes, employers will normally ask that you have proven experience as an IT professional with some responsibility for network security.

Your experience should cover different operating systems, such as Windows 2000/NT/2003, Unix and Linux platforms, and common security technologies and procedures. These include:

• firewall configuration
• anti-virus software
• intrusion detection systems (IDS)
• encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL)
• authentication (passwords, digital certificates and, more recently, biometrics)
• penetration testing and vulnerability scanning.

You should also be familiar with common corporate and regulatory guidelines. These include:

• international information security standard BS7799 and its successor - ISO/IEC 27001
• the Data Protection and Freedom of Information Acts
• the IT Infrastructure Library (ITIL) framework, detailing best practice.

For more details about these guidelines, see the ITIL and British Standards Institute websites in Further Information below.

You may be able to start as a trainee security coordinator after completing a degree or postgraduate qualification. Relevant subjects include network security, networking and information security, computer science (with security options) and forensic computing.

You can also use experience in related areas of IT to move into this field. Relevant experience could be gained whilst working as a systems analyst, database administrator, network engineer or network manager.

For more information about careers, standards and trends in IT security, see the e-skills UK, British Computer Society (BCS) and the International Information Systems Security Certification Consortium (ISC) 2 websites in Further Information below.

[ back to top ]

Once working as an IT security coordinator, you can choose from many different options including company graduate training schemes and postgraduate awards in information security. You can also take one of several IT security certifications available to professionals in this sector. These include:

Systems Security Certified Practitioner (SSCP) requires a minimum of one year's experience in one or more of the areas covered by the certification:

• access control and administration
• audit and monitoring
• cryptography
• data communications
• malicious code and malware
• risk, response and recovery.

For more details see the ISC ² website below.

Cisco Information Security Specialist (CISS) is aimed at network engineers who already have the CCNA certification. See the profile for Network Engineer for details. Cisco also offers a series of other security certifications. See the Cisco website.

Microsoft Certified Systems Engineer (MCSE) and Systems Administrator (MCSA) certification both contain security options. It is recommended that you have 12 months' experience of administering and maintaining network security to do the MCSA. You should have 2 years' experience in design and planning security systems for the MCSE. See the Microsoft website below for more details.

CompTIA Security+ is for security professionals with two or more years' experience. This is often a pre-requisite for more advanced certification programmes like those below. For details, see CompTIA in Further Information.

Certified Information Systems Security Professional (CISSP) is geared towards professionals working at intermediate and senior level, with three to fours years' experience. It covers ten security areas. Details are on the CISSP website below.

Certified Information Security Manager (CISM) is aimed at senior staff with five years' experience of managing security systems. This is reduced if candidates already hold university qualifications and certification awards. The emphasis is on your competence in strategic management and implementation rather than technical skills. See the Information Systems Audit and Control Association (ISACA) below.

CESG Listed Adviser Scheme (CLAS) is a common requirement for security consultants working for government departments, approved contractors and public sector organisations like the police. Membership of the Communications Electronics Security Group (CESG) allows them to work with sensitive information. Professionals gain certification of their skills through the Infosec (information security) Training Paths and Competencies (ITPC) programme. For more details see the CESG and ITPC websites.

The British Computer Society (BCS) and e-skills have details about professional development in the IT sector. Further information about professional development is also available on the Skills Framework for the Information Age (SFIA) website below.

[ back to top ]

IT security coordinators work for public service organisations, local authorities, government departments, financial institutions and software manufacturers. They can also work for specialist IT security consultancies.

Recent surveys of the IT industry suggest that information security is a top priority for IT directors and will continue to be so for the foreseeable future. Rapid changes in technology, such as the expansion of wireless networks (WiFi) and mobile technologies have seen a corresponding evolution in the nature of security threats. Opportunities for IT security professionals are therefore excellent.

There is currently demand in this field for a range of skills, such as:

• security auditing and risk assessment
  
• CLAS consultancy
• technical installation
• internet and email security
• security awareness training.

Your progression options include moves into network management, IT project management and security consultancy. Experienced coordinators are employed by the police, security services and specialist law firms to undertake forensic investigation of computer-based crimes.

[ back to top ]

Figures are intended as a guideline only.
Rates of pay are often negotiable dependant on experience and length of contract. Salaries can fall anywhere between £25,000 and £60,000.

[ back to top ]

e-skills UK
www.e-skills.com

British Computer Society
www.bcs.org.uk

Skills Framework for the Information Age (SFIA)
www.sfia.org.uk

International Information Systems Security Certification Consortium (ISC)² www.isc2.org

IT Infrastructure Library (ITIL)
www.itil.co.uk

British Standards Institute (BSI)
www.bsi-global.com

Microsoft UK
www.microsoft.com/uk

The Computer Technology Industry Association (CompTIA)
www.comptia.org

Certified Information Systems Security Professional (CISSP)
www.cissp.com

Information Systems Audit and Control Association (ISACA)
www.isaca.org

Communications Electronics Security Group (CESG)
www.cesg.gov.uk

Infosec Training Paths and Competencies (ITPC)
www.cabinetoffice.gov.uk/infosec

[ back to top ]

• Twitter
• Delicious
• Digg
• Facebook
• Send to a friend