Career Options
ImagePenetration Testing & Vulnerability Assessment

The best way to judge the security of a network or an application is to try to hack into it yourself. Organizations have realized security testing is an ongoing process and not just a one-time effort. New vulnerabilities are discovered every day, and so are their patches. It has become mandatory for most organizations to deploy a dedicated team to manage security and this team must be capable of running penetration tests on the network and application on a regular basis to check for vulnerabilities and suggest suitable countermeasures. The natural progression for a network professional would be to move into network security by obtaining relevant certifications from organizations like EC-Council and SANS Institute.

Computer Forensics & Incident Response

Most corporate organizations have evolved dedicated teams for incident response with adequate knowledge of computer forensics. With increasing computer related crimes and misdemeanors in the corporate world it is extremely important to present digital evidence which is admissible in a court of law for senior management to take suitable action. Specific certifications on computers forensics and incident handling are available from organizations like EC-Council and SANS Institute.

Application Security Testing

Application security testing has now become an integral part of project management. Almost all application development is now web based and requires vulnerability assessment prior to deployment either internally or at client’s site.

Adopting secure coding practices and doing secure code review is a mandatory requirement to ensure the inherent risks in web applications are reduced to the maximum extent possible. Knowledge of various tools used for identifying web application vulnerabilities are a must.

Information Security Management

All organizations need to define and implement specific security policy & guidelines ideally suited for their business environment. Security Management is usually handled by senior professionals with certifications like CISSP and CISM.

Complying with international standards such as ISO/IEC 27001 gives credibility to the organizations ISMS initiatives. Understanding the requirements of ISO/IEC 27001 can be achieved through various courses such as Foundation, Implementation & Internal Audit. The Lead Auditor certification is useful for handling the ISMS certification audit.

Information Systems Audit

Information Systems audits are fast becoming the need of the hour for most organizations. Systems & processes within organizations need to be audited on a regular basis to ensure that unauthorized access is restricted and the required level of assurance is provided to customers. This is especially true for banking and financial institutions. A certification like CISA is considered mandatory to perform IS Audits.

IT Service Management

Organizations involved in providing IT service support & IT service delivery usually adopt best practices framework like ITIL and later comply with international standards such as ISO/IEC 20000 to demonstrate the maturity level of their service delivery and support processes.

Implementation of the ITIL framework is usually done by professionals with ITIL Expert certification. Understanding the requirements of ISO/IEC 20000 can be achieved through various courses such as Foundation, Implementation & Internal Audit. The Lead Auditor certification is particularly useful for the ISO 20000 certification audit.

Risk & Compliance

All IT Governance, Risk and Compliance initiatives typically evolve based on global best practices. With today’s global environment revolving around concepts like outsourcing and remote infrastructure management, Governance, Risk & Compliance or GRC plays a vital role for any organization which wishes to position itself strategically in the market.

Adopting frameworks like COBIT help organizations improve existing processes and controls besides giving the required assurance to customers.

Any organization which aspires to get listed in global stock exchanges such as NASDAQ is required to ensure better governance with more transparency and control over financial reporting as per the Sarbanes-Oxley (SOX) Act. And organizations which handled outsourced work are required to get compliance attestations like SSAE 16 and ISAE 3402.

BCP & DR

Most organizations have already implemented business continuity & disaster recovery plans to ensure business operations continue with minimal downtime in the event of any disruption. However, these BCM processes must be reviewed and audited on a regular basis to ensure integration with a greater number of enterprise processes. Complying with standards such BS 25999 help organizations move up the value chain.

Customer Feedback