The latter is why I'm so enthusiastic about the arrival of the Institute of Information Security Professionals (IISP) earlier this year.
This is a serious milestone for the security community. A few might believe that our world is already full of enough acronyms, not to mention security qualifications and certifications. But while the latter are undoubtedly valuable, they are no match for 'doing the job'.
It has been shown time and again that what counts in this area is proven experience as well as formal qualifications. The IT security arena has a rich supply of people with outstanding practical expertise, often combined with an almost frightening ability to stay one step ahead of those who try to breach our systems.
Nonetheless, before the IISP, such people did not have the profile or recognition they deserve. It is this combination of deep experience and formal qualifications that is so powerful and which is now getting recognition.
Does this really matter? Is a professional body so crucial? Why is BT (a major employer of IT security professionals) one of the founding corporate members of the IISP alongside the likes of BP, RBS, CESG and Vodafone? The reason is that it aspires to be among the best-of-breed companies in the digital networked economy.
IISP membership will be the internationally recognised gold standard qualification for infosec professionals as they progress through their careers. There is no doubt that the two clearly go hand in hand.
I'm very pleased that the institute has backing at the highest level within BT. Getting those who work in this area to join the IISP is seen as important in helping BT maintain its reputation as a business that is recognised for the highest standards in IT security. This is why I am actively encouraging everyone across BT to join the Institute. This includes the One IT Security, Risk and Compliance function, the Global Business Continuity and Security practice, and the Chief Technology Office security research division.
BT will also mirror the Institute's benchmarks for professional development by setting up a security professional community across all lines of business. There will be similar roles, as well as recognition schemes for people's work and contribution across this important area.
Finally, it seems as if professionals working in IT security will gain the standing and collective voice that has been sorely lacking.
I'm delighted – even if it does mean having to learn yet another acronym.
For more information about the IISP, visit www.instisp.com