Rhand Leal
June 7, 2021
If you want to pursue a career in information security, you may be wondering how to get started with it, when there’s such a variety of laws and regulations enforcing information protection. ISO 27001, the leading ISO standard for information security management, might be the right choice for professionals looking towards an information security career.
But where do you begin your learning path? In this article, you will learn some options on where to start learning about ISO 27001 and information security, the trainings available, and which one is more suitable for you.
Information security knowledge based on ISO 27001 can be very beneficial to professionals, because ISO 27001 is growing as a standard adopted by organizations worldwide. This means you can:
Find a job more easily, since ISO 27001 provides qualifications for professionals to work in virtually any situation involving information security—and today, cybersecurity is a growing trend as well. This is also valid if you’re a consultant; you will find new clients more easily if you can demonstrate your competence with a certificate from a course.
Be better recognized in your existing job, demonstrating that you are up to date with some of the most-used practices for planning, implementation, operation, control, and improvement of information security.
Advance more easily within an organization, because with ISO 27001 knowledge, a professional can go for different specific fields, such as information security management or information security management assurance (i.e., auditing), or go deeper into the technical aspects (e.g., secure software development, communications security, etc.).
To get ISO 27001 knowledge and skills, the most common alternatives are:
ISO 27001's requirements related to competencies define these, and they can be fulfilled by means of education, training, or experience, so the choice of how to acquire competencies will depend on your objectives and the needs of the industries you intend to work in.
For additional information about personal certifications, read: How personal certificates can help your company’s ISMS.
There are several different ISO 27001 courses available, and you should choose what is most appropriate for your professional objectives:
For more information about choosing an ISO 27001 training, read: How to choose the most appropriate training.
Because information security covers several fields of knowledge, you should first decide which ones to focus on, either to start on or to master them, and after that, consider the most relevant trainings and best practices related to those. For example:
| Field of Knowledge | Typical Role | Training related to relevant knowledge | Rationale |
| --- | --- | --- | --- |
| Secure software development | Security Architect | ISO 27001 Foundation Course | By understanding the standard’s requirements, a security architect can identify and prioritize security features to be included in developed software. |
| Security management system | Security Consultant | ISO 27001 Lead Implementer | By understanding the implementation process, a consultant can be more efficient and effective, increasing his competitiveness. |
| Secure software development | Penetration Tester | ISO 27001 Foundation Course | By understanding the standard’s requirements, a security architect can identify and prioritize security features to be included in developed software. |
| Security assurance | Security Auditor | ISO 27001 Internal Auditor Course | By understanding the audit process, the security auditor can be more efficient and effective, better supporting the ISMS to fulfill its intended objectives and outcomes. |
| Security assurance | Security Auditor | ISO 27001 Lead Auditor Course | By qualifying as a Lead Auditor, a professional fulfills one of the requirements to become a certification auditor. |
| Security management | Chief Information Security Officer (CISO) | ISO 27001 Lead Implementer | By understanding the implementation process, the CISO can lead the process by himself, or be in a better position to evaluate and discuss implementation projects run by consultants. |
The growing demand for security personnel is an opportunity for changing your career. To be prepared for the best positions, you should define which role you want to have in information security, choose how to obtain the necessary knowledge, and then systematically follow your learning process to reach your professional objectives.
If you are still not convinced of the purpose and value of learning about information security, consider this: new threats, technologies, and methodologies will arise, and new skills will be required, and organizations will prioritize those professionals who have them. By investing in ISO 27001 courses, you will not only be starting an ISO 27001 career, but also showing organizations you are engaged, increasing your reputation and employability.
To get started with ISO 27001 training, check out one of the freely available ISO 27001 online courses.