IT Security Coordinator

The Work
Hours and Environment
Skills and Interests
Entry
Training
Opportunities
Annual Income
Further information

The Work

IT security coordinators, sometimes known as information security analysts, plan and implement security measures to protect clients' information and data from unauthorised access, deliberate attack, theft and corruption. They also put in place controls to allow secure transfer of files and data across computer networks like the internet.

Security coordinators deal with a range of threats to electronic information, which can include:

• hacking
• viruses, worms, spyware and Trojans
• denial of service attacks (overloading servers with useless data to bring them to a standstill)
• social engineering - "phishing" (luring users into passing confidential details to fake websites) and "pharming" (redirecting users to spoof websites by hijacking genuine web addresses)
  
• abuse of permissions by authorised system users.

Security coordinators use a number of different methods to combat threats and fix breaches. Their work varies depending on the nature of their job and their level of responsibility, but typically involves:

• assessing system and application risk, and developing plans to minimise potential threats
• designing new security systems or upgrading existing ones
• testing and evaluating security products
• contingency planning for disaster recovery in the event of security breaches
• simulating breaches to test procedures (known as penetration testing)
• investigating actual breaches and executing corrective actions
• reviewing security systems to test for weak points (known as vulnerability scanning)
• making sure procedures comply with national and international network security standards
• preparing reports and technical documentation
• supervising and training staff
• contributing to the company's overall security development strategy.

Hours and Environment

IT security coordinators normally work 35 to 40 hours a week, but may be on a call-out rota to deal with problems that occur outside office hours.
As a security coordinator, your work will normally be office-based. If you work for a consultancy or are self-employed, you will need to travel to clients' premises.

Skills and Interests

As an IT security coordinator, you need:

• an excellent knowledge of IT security systems, tools and procedures
• excellent communication skills
• strong analytical skills
• good project management skills
• the ability to interpret and evaluate data accurately
• an understanding of confidentiality issues
• a commitment to keep up to date with emerging security threats, technologies and trends
• an awareness of commercial risks and issues
• the ability to work under pressure and to deadlines
• a proactive approach and the ability to take responsibility
• a knowledge of information security standards and legislation.

Entry

You can get into this job by taking formal qualifications at degree level or higher, or by acquiring skills through workplace training. For both routes, employers will normally ask that you have proven experience as an IT professional with some responsibility for network security.
Your experience should cover different operating systems, such as Windows 2000/NT/2003, Unix and Linux platforms, and common security technologies and procedures. These include:

• firewall configuration
• anti-virus software
• intrusion detection systems (IDS)
• encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL)
• authentication (passwords, digital certificates and, more recently, biometrics)
• penetration testing and vulnerability scanning.

You should also be familiar with common corporate and regulatory guidelines. These include:

• international information security standard BS7799 and its successor - ISO/IEC 27001
• the Data Protection and Freedom of Information Acts
• the IT Infrastructure Library (ITIL) framework, detailing best practice.

For more details about these guidelines, see the ITIL and British Standards Institute websites in Further Information below. You may be able to start as a trainee security coordinator after completing a degree or postgraduate qualification. Relevant subjects include network security, networking and information security, computer science (with security options) and forensic computing. You can also use experience in related areas of IT to move into this field. Relevant experience could be gained whilst working as a systems analyst, database administrator, network engineer or network manager. For more information about careers, standards and trends in IT security, see the e-skills UK, British Computer Society (BCS) and the International Information Systems Security Certification Consortium (ISC) 2 websites in Further Information below.

Training

Once working as an IT security coordinator, you can choose from many different options including company graduate training schemes and postgraduate awards in information security. You can also take one of several IT security certifications available to professionals in this sector. These include: Systems Security Certified Practitioner (SSCP) requires a minimum of one year's experience in one or more of the areas covered by the certification:

• access control and administration
• audit and monitoring
• cryptography
• data communications
• malicious code and malware
• risk, response and recovery.

For more details see the ISC ² website below. Cisco Information Security Specialist (CISS) is aimed at network engineers who already have the CCNA certification. See the profile for Network Engineer for details. Cisco also offers a series of other security certifications. See the Cisco website. Microsoft Certified Systems Engineer (MCSE) and Systems Administrator (MCSA) certification both contain security options. It is recommended that you have 12 months' experience of administering and maintaining network security to do the MCSA. You should have 2 years' experience in design and planning security systems for the MCSE. See the Microsoft website below for more details. CompTIA Security+ is for security professionals with two or more years' experience. This is often a pre-requisite for more advanced certification programmes like those below. For details, see CompTIA in Further Information. Certified Information Systems Security Professional (CISSP) is geared towards professionals working at intermediate and senior level, with three to fours years' experience. It covers ten security areas. Details are on the CISSP website below. Certified Information Security Manager (CISM) is aimed at senior staff with five years' experience of managing security systems. This is reduced if candidates already hold university qualifications and certification awards. The emphasis is on your competence in strategic management and implementation rather than technical skills. See the Information Systems Audit and Control Association (ISACA) below. CESG Listed Adviser Scheme (CLAS) is a common requirement for security consultants working for government departments, approved contractors and public sector organisations like the police. Membership of the Communications Electronics Security Group (CESG) allows them to work with sensitive information. Professionals gain certification of their skills through the Infosec (information security) Training Paths and Competencies (ITPC) programme. For more details see the CESG and ITPC websites. The British Computer Society (BCS) and e-skills have details about professional development in the IT sector. Further information about professional development is also available on the Skills Framework for the Information Age (SFIA) website below.

Opportunities

IT security coordinators work for public service organisations, local authorities, government departments, financial institutions and software manufacturers. They can also work for specialist IT security consultancies. Recent surveys of the IT industry suggest that information security is a top priority for IT directors and will continue to be so for the foreseeable future. Rapid changes in technology, such as the expansion of wireless networks (WiFi) and mobile technologies have seen a corresponding evolution in the nature of security threats. Opportunities for IT security professionals are therefore excellent. There is currently demand in this field for a range of skills, such as:

• security auditing and risk assessment
  
• CLAS consultancy
• technical installation
• internet and email security
• security awareness training.

Your progression options include moves into network management, IT project management and security consultancy. Experienced coordinators are employed by the police, security services and specialist law firms to undertake forensic investigation of computer-based crimes.

Annual Income

Figures are intended as a guideline only. Rates of pay are often negotiable dependant on experience and length of contract. Salaries can fall anywhere between £25,000 and £60,000.

Further information

e-skills UK
www.e-skills.com British Computer Society
www.bcs.org.uk

Skills Framework for the Information Age (SFIA)
www.sfia.org.uk

International Information Systems Security Certification Consortium (ISC)²
www.isc2.org

IT Infrastructure Library (ITIL)
www.itil.co.uk

British Standards Institute (BSI)
www.bsi-global.com

Microsoft UK
www.microsoft.com/uk

The Computer Technology Industry Association (CompTIA)
www.comptia.org

Certified Information Systems Security Professional (CISSP)
www.cissp.com

Information Systems Audit and Control Association (ISACA)
www.isaca.org

Communications Electronics Security Group (CESG)
www.cesg.gov.uk

Infosec Training Paths and Competencies (ITPC)
www.cabinetoffice.gov.uk/infosec/

Download PDF

---

This month's profile has been supplied by Ufi Ltd the organization behind learndirect, one of the UK’s leading online training specialists. © Ufi Limited 2000. All rights reserved. learndirect is a registered trade mark of Ufi.

To find out more about learndirect and the services they offer, visit their website http://www.learndirect-advice.co.uk

back to top