Sunday, 8 September 2013

So you want to be an IT Security Expert?

Which came first? Malicious hackers or information security experts?

After seeing countless information technology systems deployed and millions of dollars spent, I'm of the opinion that malicious hackers arrived on the scene first. Often systems and frameworks were put in place with little or no security measures.

Yes, information security awareness has increased in recent times, but that awareness came with a price - loss of customer data, trust and company reputation is often the currency.

In the near future, compliance regulations will be put in place to protect organisations from cyber attacks. They will be required to meet certain information security standards. But, like all standards, it's not the black and white that truly works; it's the people behind the implementation.

What about firewalls and anti-virus software? Aren't these systems supposed to keep intruders out? If regulations are to be put in place, won't software vendors be able to come up with suitable systems to meet the regulatory requirements?

According to Frost & Sullivan, the number of information security experts in 2010 was 2.28 million. The figure is expected to increase to an estimated 4.24 million by 2015. It's safe to say this is one instance where technology will not be replacing the human brain anytime soon.

(Information security experts call themselves by a variety of titles, ranging from chief information security officer to ethical hacker - for the sake of consistency, we'll just call them information security experts here.)

I think we've come far enough without needing to define information security, but in a nutshell, I'd call them the gatekeepers of an organisation's network, information systems and technology framework.

But what does it take for an information security expert to, well, be an expert?

1. Certification

2. The ability to think like a hacker

That's it really. Bet you were expecting a much longer list.

Certification will help any budding information security expert stay competitive among their peers. Updating your certifications will reflect your passion for being the best at what you do. Professional bodies for accountants, project managers and corrosion engineers require their professionals to be certified - why should information security be exempted?

Certification assures employers that you possess the necessary knowledge and skills to put in place and manage their information security framework and that you have the ability to deploy countermeasures.

It's not just a piece of paper. It's going through vigorous technical training in which you'll learn the types of exploits, vulnerabilities and countermeasures. Lab-intensive classes will expose you to the essential security systems, penetration testing, intrusion detection and the list goes on.

At the end of a base-level training and certification course, candidates will walk away with one very important skill - the ability to start thinking like a hacker.

To think like a hacker is sometimes to act like a hacker too. It's a necessary evil if you want to stay ahead of the bad guys. I'm not saying use your skills for malicious purposes; use this knowledge as part of your strategy to be a successful information security expert.

The ability to stay up to date with technologies and potential threats will play a large role in how successful you will be too. Anyone who's involved in this niche industry will tell you the same. Technology evolves rapidly; your knowledge must too.
