Today, we'll review a couple of recent announcements from (ISC)2, the industry body that runs the highly-regarded and highly sought-after Certified Information Systems Security Professional (CISSP) certification. It has published a hiring guide that although is aimed at managers looking to recruit security specialists, the content could also be useful to IT pros interested in entering the security industry or for existing security personnel wanting an inside look at how they can better present themselves to potential new employers. The industry body also launched an online self-assessment tool that enables security pros to assess their knowledge of the (ISC)2 CBK taxonomy of information security topics - the foundation for all (ISC)2 certifications.

The hiring guide discusses the basics such as the type of job functions that exist, the ideal traits of an information security professional, a typical career path, and the certifications required (unsurprisingly this is the chapter where (ISC)2 plugs its range of certs for security pros).

The guide notes that gone are the days when employers hired a single 'security engineer' who worked with the IT department. Today, employers are more likely to seek specific roles such as forensic specialist, security architect, chief information security officer, information assurance manager, and compliance officer. Their role has also expanded to include identity and access management, vulnerability management and application security. As with most senior IT positions these days, employers want security pros with a good mixture of technical and business knowledge.

This leads to the ideal traits of a security pro, which (ISC)2 lists as having a keen understanding of technology and the ability to leverage that to implement effective security systems; an understanding of the employer's industry and place in the market, in addition to its regulatory and legal requirements; and the ability to gain acceptance of security policies among all levels of workers in the company - something that is easier said than done.

(ISC)2 says there are two common career paths for security execs - as security technologists, or security manager/strategists. Don't be fooled in thinking that security technologists can just sit in a darkened network operating center and monitor traffic for suspicious activity. Technologists require as much business knowledge, and communications and collaboration skills as the more people-facing roles. Security managers require broad understanding of multiple technologies, presentation skills, particular knowledge of a business line or product, and the desire to manage broader risk issues.

Jon Brodkin is senior writer at Network World.