IT security coordinators, sometimes known as information security analysts, plan and implement security measures to protect clients' information and data from unauthorised access, deliberate attack, theft and corruption. The work also involves putting in place controls to allow secure transfer of files and data across computer networks like the internet.

IT security coordinators deal with a range of threats to electronic information, which can include:

• hacking
• viruses, worms, spyware and Trojans
• denial of service attacks – overloading servers with useless data to bring them to a standstill
• 'phishing' – luring users into passing confidential details to spoof websites
• 'pharming' – redirecting users to fake websites by hijacking genuine website addresses
• abuse of permissions by authorised system users.

Security coordinators use a number of different methods to combat threats and fix breaches. Although the work may vary, depending on the employer and the level of responsibility, it will normally include:

• risk assessing systems and applications, and developing plans to minimise potential threats
• designing new security systems or upgrading existing ones
• testing and evaluating security products
• contingency planning for disaster recovery in the event of security breaches
• simulating breaches to test procedures (known as penetration testing)
• investigating actual breaches and executing corrective actions
• reviewing security systems to test for weak points (known as vulnerability scanning)
• making sure procedures meet national and international network security standards
• preparing reports and technical documentation

Security coordinators are also responsible for supervising and training staff, and working with operations managers to develop a company's overall security strategy.

Hours and Environment

As an IT security coordinator you will normally work 35 to 40 hours a week but may be on a call-out rota to deal with problems that occur outside office hours.

Your work will be mainly office based, but if you work for a consultancy or are self-employed you will need to travel to clients' premises.

Skills and Interests

As an IT security coordinator, you need:

• an excellent knowledge of IT security systems, tools and procedures
• excellent communication skills
• strong analytical skills
• good project management skills
• the ability to interpret and evaluate data accurately
• an understanding of confidentiality issues 
• a commitment to keep up to date with emerging security threats, technologies and trends
• an awareness of commercial pressures
• the ability to work under pressure and to deadlines
• a proactive approach and able to take responsibility
• a knowledge of information security standards and legislation.

Entry

You can get into IT security by taking formal qualifications at degree level or higher, or by acquiring skills through workplace training. For both routes, employers will ask that you have proven experience as an IT professional with some responsibility for network security.

Your experience should cover different operating systems, such as Windows 2000/NT/2003, Unix and Linux platforms, and common security technologies and procedures. These include:

• firewall configuration
• anti-virus software
• intrusion detection systems (IDS)
• encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL)
• authentication (passwords, digital certificates and, more recently, biometrics)
• penetration testing and vulnerability scanning.

You should also be familiar with common corporate and regulatory guidelines, including:

• international information security standard BS7799 and its successor - ISO/IEC 27001
• the Data Protection and Freedom of Information Acts
• the IT Infrastructure Library (ITIL) framework, detailing best practice.

For more details about these guidelines, see the British Standards Institute and ITIL websites.

You may be able to start as a trainee security coordinator after completing a degree or postgraduate qualification. Relevant subjects include network security, computer science (with security options) and forensic computing.

You can also use experience in related IT roles to move into this job, for example systems analyst, database administrator or network engineer.

For more details about careers, standards and trends in IT security, see the e-skills UK and British Computer Society (BCS) websites in Further Information.

Training

Once you are working as an IT security coordinator, you can choose from many different development options including graduate training schemes and postgraduate awards in information security. You can also take one of several IT security certifications available to professionals in this sector. The most widely recognised certifications are outlined below.

Systems Security Certified Practitioner (SSCP)/ Certified Information Systems Security Professional (CISSP)
Both require between 1 and 4 years' experience in the this field and cover several areas, including:

• access control and administration
• audits and monitoring
• cryptography and data communications
• malicious code and malware
• risk, response and recovery
• telecommunications and network security
• security architecture and design.

See the International Information Systems Security Certification Consortium (ISC 2) for more details.

Cisco Information Security Specialist (CISS)
This is aimed at network engineers who already have the CCNA certification (see the Network Engineer for details of CCNA). Cisco also offers a series of other security certifications. See Cisco Systems (UK and Ireland).

Microsoft Certified Systems Engineer (MCSE)/ Systems Administrator (MCSA) 
Both certifications contain security options. It is recommended that you have 12 months' experience of administering and maintaining network security to do the MCSA. You should have 2 years' experience in design and planning security systems for the MCSE. See Microsoft (UK).

CompTIA Security+ 
For security professionals with two or more years' experience. This is often a pre-requisite for more advanced certification programmes. See CompTIA for details.

Certified Information Security Manager (CISM)
This is aimed at senior staff with five years' experience of managing security systems. If you already hold a university qualification and a certification award, you may need less than five years' experience. The emphasis is on your competence in strategic management and implementation rather than technical skills. See the Information Systems Audit and Control Association (ISACA) for further details.

CESG Listed Adviser Scheme (CLAS)
Security consultants working for government departments, approved contractors and public sector organisations like the police, may be required to register for membership of the Communications Electronics Security Group's (CESG) Listed Adviser Scheme (CLAS). This allows them to work with sensitive information. Professionals gain certification of their skills through the Infosec (information security) Training Paths and Competencies (ITPC) programme. For more details about CLAS, see the CESG and ITPC websites.

The British Computer Society (BCS) and e-skills have details about professional development in the IT sector. Further information about professional development is also available on the Skills Framework for the Information Age (SFIA) website below.

Opportunities

IT security coordinators work for public service organisations, local authorities, government departments, financial institutions and software manufacturers. Coordinators also work for specialist IT security consultancies.

Recent surveys of the IT industry suggest that information security is a top priority for IT directors and will continue to be so for the foreseeable future. Rapid changes in technology, such as the expansion of wireless networks (WiFi) and mobile technologies have seen a corresponding evolution in the nature of security threats. Therefore, opportunities for security professionals are excellent.

There is currently a demand in this field for a range of skills, such as:

• security auditing and risk assessment
• CLAS consultancy
• technical installation
• internet and email security
• security awareness training.

Your progression options include moves into network management, IT project management and security consultancy. Experienced coordinators are employed by the police, security services and specialist law firms to carry out forensic investigation of computer-based crimes.

Annual Income

Figures are intended as a guideline only.

Rates of pay are often negotiable dependant on experience and length of contract. Salaries can fall anywhere between £25,000 and £60,000.

Further information

1 Castle Lane
London
SW1E 6DR 1 Sanford Street
Swindon
Wiltshire
SN1 1HJ