IT Security Coordinator

What is the work like?

IT security coordinators, sometimes known as information security analysts, plan and carry out security measures to protect clients' information and data from unauthorised access, deliberate attack, theft and corruption. Security coordinators also put controls in place to allow the secure transfer of files and data across computer networks like the internet.

As a security coordinator, you would deal with a range of threats to electronic information, which could include:

• hacking
• viruses, worms, spyware and Trojans
• denial of service attacks – overloading systems with useless data to bring them to a standstill
• 'phishing' – luring users into leaving confidential details on spoof websites
• 'pharming' – redirecting users to fake websites by hijacking genuine website addresses
• abuse of permissions by authorised system users.

You would use a number of different methods to combat threats and fix security breaches. Your workload may vary, depending on your employer and your level of responsibility, but would normally include:

• assessing the risks to systems, and developing plans to minimise potential threats
• designing new security systems or upgrading existing ones
• testing and evaluating security products
• contingency planning for disaster recovery in the event of security breaches
• simulating breaches to test procedures (known as penetration testing)
• investigating actual breaches and carry out corrective actions
• testing systems for weak points (known as vulnerability scanning)
• making sure procedures meet national and international network security standards
• preparing reports and technical documentation for managers and users.

At a senior level, you would also be responsible for supervising and training staff, and working with operations managers to develop the company's overall security strategy.

What qualifications and experience will employers look for?

You can get into IT security by taking college qualifications at degree level or higher, or by gaining skills on the job. If you take the college route, you would need to complete a degree or postgraduate award in subjects such as network security, computer science (with security options) or forensic computing. These would allow you to start on a company's own training scheme.

Alternatively, you could use your work experience in related IT jobs to move into this kind of work, for example as a systems analyst, database administrator or network engineer. See the separate job profiles for these roles.

Whichever route you choose, employers will ask that you have proven experience as an IT professional with some responsibility for network security.

Your experience should cover different operating and server systems like Windows, Unix and Linux, and security technologies and procedures, such as:

• firewalls and anti-virus software
• intrusion detection systems (IDS)
• encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL)
• authentication (passwords, digital certificates and, more recently, biometrics)
• penetration testing and vulnerability scanning.

You should also be familiar with common security standards and regulations, including:

• international information security standard BS7799 and its successor – ISO/IEC 27001
• the Data Protection and Freedom of Information Acts
• the IT Infrastructure Library (ITIL) framework, detailing best practice.

For more details about these guidelines, see the British Standards Institute and ITIL websites.

For more details about careers, standards and trends in IT security, see the e-skills UK and British Computer Society (BCS) websites.

What further training and development can I do?

Once you are working as an IT security coordinator, it is important that you continue to develop your career. You can do this by taking further training and industry-recognised certifications. Some of the most widely recognised certifications include: (links below open in a new window)

• ISC ² Systems Security Certified Practitioner (SSCP) / Certified Information Systems Security Professional (CISSP) – requires between one and four years' experience in this field.
  
  
• Cisco Information Security Specialist (CISS) – aimed at holders of the CCNA certification. Cisco also offers a series of other security certifications.
  
  
• Microsoft Certified Systems Engineer (MCSE) / Systems Administrator (MCSA) – both contain security options. It is recommended that you have 12 months' experience of administering and maintaining network security to do the MCSA. You should have 2 years' experience in design and planning security systems for the MCSE.
  
  
• CompTIA Security+ Certification – you normally need two or more years' experience in IT security to do this. It is often a foundation stage for more advanced certification programmes.
  
  
• ISACA Certified Information Security Manager (CISM) – requires five years' experience of managing security systems although this may be reduced if you have a university qualification and a certification award.
  
  
• CESG Listed Adviser Scheme (CLAS) / Infosec Training Paths and Competencies (ITCP) – you may take these awards if you are working as a security consultant for government departments, approved contractors or public sector organisations like the police. It allows you to work with sensitive information.

You can find further information about professional development options on the e-skills, BCS and Skills Framework for the Information Age (SFIA) websites.

Where can I go for more information?

Block D
North Star House
North Star Avenue
Swindon
Wiltshire
SN2 1FA

1 Castle Lane
London
SW1E 6DR

If you would like to discuss your career options with a learning adviser, call 0800 100 900 or use our online enquiry form

Alternatively, you can visit our website at: www.direct.gov.uk/careersadvice

Related profiles...

Network Engineer

Network Manager

IT Project Manager

Software Developer

Systems Analyst

Database Administrator

Forensic Computer Analyst