Career paths for security professionals typically depend on the industry. In a consultancy, for example, progression may be the same across all departments, whereas in an end-user organisation it usually follows the path outlined in the figure below.
Certifications for security professionals
Certified Information Systems Security Professional CISSP (www.isc2.org)
CISSP® certification is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments.
Certified Information Security Manager CISM (www.isaca.org)
The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security. It demonstrates your information security management expertise.
Certified Information Systems Auditor CISA (www.isaca.org)
The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of managing vulnerabilities, ensuring compliance and instituting controls within the enterprise.
There are also more specific certifications for penetration testing (e.g. Offensive Security, CEH), project management (PMP, PRINCE2), IT service management (ITIL) or architecture (TOGAF, ISSAP). Technical security skills can also be developed through the SANS Institute.