Understanding security experts

To understand what is security expert for the ICT industry, let's evaluate it from two angles.

1. Job

1a. Information Security Consultant (Singapore)


* Review and develop information security policies, processes/procedures and guidelines
* Establish compliance with information security policies
* Review security technologies implementation to ensure compliance
* Conduct information security review including compliance, log analysis, assessment on information security procedures in data, hardware and software
* Involve in penetration tests, security assessment and incidents management
* Conduct information security awareness
* Perform as Security Liaison Officer in Managed Service projects


* Degree in Computer Science, Engineering, Information Systems and/or equivalent formal training or work experience
* At least 3 years’ relevant working experience
* Manage information security management framework, policies, process/procedure and information security assessment
* Good working knowledge of risk management principles, physical security, business continuity management, application security and network infrastructure security technologies such as system hardening, anti-virus, proxies, IDS/IPS, firewall, VPN and monitoring
* Possess or planning to obtain professional information security certification (e.g. CISSP, CISA, CISM, GIAC)
* Must be customer focused with good interpersonal skills
* A strong team player with sound leadership qualities
* Singaporean or Singapore PR

1b. Senior Security Consultant

Both of these roles require one to be commercially focused and to possess the following skills and experience:

- ISO:17799 & BS:7799 risk assessment exp
- Network security assessment exp
- Enterprise risk assessment exp (large scale)
- Penetration testing exp
- Proven delivery capabilities in a commercial environment
- Solid negotiation skills
- Fluent English, Cantonese &/or Mandarin

2. Education

Master of Information Systems Security
Multi Platform Stream

Course Aims and Objectives

The aim of this course is to provide professionals in the IT industry with an advanced course of study in designing, planning, and implementing enterprise level security as part of a secure computing environment and integrates industry certification in these fields.

Upon completion of this course, graduates will posses:

* advanced skills in the design, implementation and management of secure computer networks
* the following industry certifications:
- Check Point Security Administrator (CCSA)
- Check Point Certified Security Expert (CCSE)
- Microsoft Certified Professional (MCP)
- Computer Technology Industry Association (CompTIA) Security+
- Cisco Certified Network Associate (CCNA)
* higher order network design knowledge and skills
* an informed and reflexive perspective on IT Security issues
* problem-solving skills and methodologies when troubleshooting and documenting complex computing problems
* the ability to analyse complex client business security requirements and select appropriate solutions
* skills in the development of leading edge security solutions that meets customer business objectives for functionality and performance.


There are two types of certifications, awarded by different bodies.

1. Vendors awarded
Checkpoint Security Expert

# How to use NGX tools to upgrade to VPN-1 NGX, from VPN-1/FireWall-1 NG or VPN-1 NG with Application Intelligence
# How to use NGX tools to install VPN-1 NGX on Windows Server 2003 and SecurePlatform
# How to work with Security Policy rules and NGX objects, using NGX object cloning and Database Revision Control features
# How to use VPN-1 SecuRemote/SecureClient to configure remote access
# How to use monitoring tools to track, monitor, and account for all connections logged by Check Point components
# How to implement LDAP, and integrate it with an NGX SmartCenter Server
# How to allocate bandwidth, given a variety of Check Point QoS configurations
# How to identify the features and limitations of Check Point High Availability solutions

2. CompTIA + Security

The CompTIA Security+ certification tests for security knowledge mastery of an individual with two years on-the-job networking experience, with emphasis on security. The exam covers industry-wide topics, including communication security, infrastructure security, cryptography, access control, authentication, external attack and operational and organization security.

2. Professional bodies awarded
2a. (e.g. CISSP, CISA, CISM, GIAC)
2b. ISO:17799 & BS:7799 risk assessment

The bottom line IT aspects ...
  • Network infrastructure security technologies
  • System hardening
  • Anti-virus
  • Proxies
  • Firewall
  • VPN
  • Monitoring techniques
  • LDAP
There is currently no such requirement for employment in Malaysia... Even having compTIA andCheckPoint certifications is not demanded in Singapore.

To obtain certifications like CISSP requires relevant industrial attachments and it is NOT cheap. Thus, to start off with, I would still think that obtaining the following certifications is ideal.

- Microsoft Certified System Engineer (MCSE)
- Cisco Certified Network Professional (CCNP)

Where both not only emphasize on products' specific knowledge, also on general computer networking techniques.