By Warwick Ashford, Security Editor
“The first generation created the basics of security, the next generation started to write it down and codify it, and the generation after that were the first to begin to see it as a career, but a mainly technology-focused career,” he told Computer Weekly.
“But we are now on to the next generations that see security as being a blend of social, people and technology, and to be successful, we have to be capable across all of them and a specialist in one or more, which shows that the profession is beginning to mature,” he said.
This means that in addition to being a technologist, information security professionals typically have a good understanding of risk and are able to communicate with people in the business they support.
“Information security professionals are also increasingly expected to learn, develop and behave like any other professional,” said Davis.
He believes that professional bodies such as (ISC)2 have an important role to play to support information security professionals beyond providing certifications.
“It is no longer just about the exam and the certificate, but also about where an individual goes from there, and so all professional bodies have the responsibility to help drive growth and development.”