In a brief published Friday, Gartner analyst Jay Heiser advised those outside the
"The term "infosec professional" is almost a contradiction in terms," he said in the brief. "The field has grown organically, and it remains ad hoc, with little agreement on what constitutes professionalism."
Though test-based certification programs do require individuals to demonstrate a minimum level of knowledge, these programs do not prove the soft skills and judgement necessary for good performance on the job, Heiser said.
IISP hopes to emulate the types of on-the-job mentoring, continuing education and certification used by more mature professions such as law and medicine to improve the information security field. Typically, however, these professions depend on industry organizations operating independently in many countries. IISP is unique in that it hopes to become an international body, Heiser said. He believes that it will take some time to determine whether it can actually succeed in the endeavor.
"It remains to be seen whether there will be enough cooperation and participation to build an institution for the chartering of individuals in this burgeoning field," he said. "It can only succeed if the market demands that the IISP become the authoritative professional development and standards-setting body."