I am sadly seeing a local trend (I do not know if it is the same abroad) of so-called “information security” experts advertising themselves as the holy grail for all security solutions that companies might need.

First of all, “information security” is not the correct term. My career is in “Information Security” in any of its forms of storage. Generally, when people speak of “information security,” they are only mentioning the tools used (firewalls, antivirus, IPS, etc.), which is not a correct reflection of the complexity involved in dedicating oneself to this field.

I even find it laughable to see how people who have not even opened a computer science book during their university studies are now the ones who know the most about security and, worse, appear on TV and in magazines advertising themselves.

Let’s say they are self-taught and have learned to manage technology despite it not being their field of study. What about information security studies? There are many world-class certifications that support an individual’s knowledge in this area. All are very serious, and some are minimum requirements to work in places like the DoD (Department of Defense) in the USA. Some of these are:

  1. CISA – Certified Information Systems Auditor – ISACA
  2. CISM – Certified Information Security Manager – ISACA
  3. CISSP – Certified Information Systems Security Professional – ISC2
  4. CEH – Certified Ethical Hacker – EC-Council
  5. GIAC – SANS Institute
  6. Security+ – CompTIA

The organizations that issue these certifications have existed for more than 30 years and require extensive study and passing rigorous examinations. Furthermore, recall that there are careers where security is studied, primarily at the master’s level.

None of the advertised “messiahs” of information security in Panama possess even one of these certifications, as their only function is to generate fear and achieve a quick sale so they are never heard from again until they have another product to sell us.

I urge everyone to carefully review the credentials of your “security merchants” and look at their references very carefully. Also, inform yourself well about the true meaning of this (http://en.wikipedia.org/wiki/Information_security) and, above all, do not let yourself be convinced by airy arguments that have no foundation. This is the classic tactic in which fear is generated to achieve the quick sale and then deliver anything, making all of us who honestly dedicate ourselves to this profession look bad.

Please feel free to send me your comments or questions on this topic. I am open to guiding you in the search for reference information that will help you distinguish true professionals from mere merchants.