Security consultants are professionals who advise companies and individuals on the best ways to protect digital assets, physical property, and personal safety. Risk assessment is a big part of the job. Consultants will implement a plan for the client to install technology or revamp procedures to meet their security needs. There are numerous fields in which the consultant can work. Certification as a security consultant has stringent requirements, is subject to renewal, and requires upgrading skills on a regular basis.
The first thing security consultants will do is meet with clients and discuss concerns. They will perform risk assessments detailing weak areas in computer security or personnel risks. Some firms offer training for employees involving mail handling, personal safety, and building access. Different industries have special needs, such as healthcare facilities, whose physical plants are open to the public in many areas.
Security consultants are in big demand by school systems and companies with large digital databases. Both jobs are highly specialized, and schools will have different needs from companies in regards to access and privatization of personal information. The job carries a great deal of pressure, since a breach in security will reflect badly on the consultant who designed the system.
Agriculture and food manufacturers as well as oil, gas, and chemical facilities may employ security consultants to ensure their materials are not compromised. A good system will protect against internal and external theft and secure storage, shipping, and receiving in order to avoid activity dangerous to the product’s consumers. Terrorism targeting these industries is a prime consideration.
Security consultants also draft emergency response plans for clients. They start with threat assessment and develop processes for designated individuals at the company to implement in an emergency or natural disaster. The consulting company will also provide training to establish response procedures. Both preventive measures and decrease of consequences are addressed.
Some computer security consultants are former hackers who have entered the profession after seeing firsthand how vulnerable companies are to data theft. If they have been convicted of a felony, they are not eligible for certification through the International Association of Professional Security Consultants (IAPSC). A degree in computer science is helpful in obtaining this job. Engineering degrees and CAD experience are useful for designing intrusion detection systems and surveillance systems, along with access control.
The IAPSC requires a bachelor's degree and three years' professional experience or at least eight years experience for a security consultant certification. Candidates will have to sign a statement swearing their independence from any particular vendor, and may not sell or endorse specific products. This is to ensure there is no conflict of interest and consultants work in the best interest of the client. Criminal or civil investigators are not eligible.