Episteme

Mike's random thoughts and ramblings

The 10 Skill Domains of a Personal Security Certification

I recently announced the idea of a Personal Security Certification in the same vein as the Personal MBA. In coming up with that type of certification, the first question I asked myself was:

If I could build the perfect information security engineer, what technical skills would she have?

I realized that whatever I came up with, the person would have to have some background in IT to build on - the point of a personal security certification isn't to create a program that someone with no experience could use. But, given some rudimentary background in IT (e.g. a computer science degree or a couple of years in the industry), I came up with the following 10 domains that comprise a Super-Star Security Engineer:

Domain 1 - Information Security Concepts
Domain 2 - Business Concepts
Domain 3 - Data Networking
Domain 4 - Problem Solving Skills
Domain 5 - Software Engineering / Coding
Domain 6 - Quality Assurance
Domain 7 - Time, Life & Career Management
Domain 8 - Operating System Internals
Domain 9 - Penetration and Exploits (i.e. Breaking In to Things)
Domain 10 - Reverse Engineering Software

The list isn't meant to be in order - while there are some domains that definitely build on others, most can be taken in any order, based on experience and interest. I recommend starting with the domain that interests you most - the point is that, over the course of a year or two, mastery of each of these 10 domains is required to really become an incredible security engineer.

The next post in this series is going to be about the things you need to learn in the first domain of Information Security Concepts.

About the author

Michael Murray
