Information Technology Security Consultants


Education and Training Requirements

High School

Take as many computer science courses in high school as possible—especially those in IT security, programming, and database management. Information technology security consultants frequently interact with colleagues and customers during meetings and phone calls, via e-mail and online collaboration software, and through written reports, so it’s important to develop excellent communication skills by taking English and speech classes and joining the debate club. If you plan to own a consulting firm, be sure to take classes in business, marketing, mathematics, and accounting. Other recommended classes include psychology, social studies, science, and foreign languages.

Postsecondary Education

You’ll need a minimum of a bachelor’s degree in computer security. If your school doesn’t offer such a major, you can earn a degree in computer science, programming, networking, or database management and a minor in computer security, or you can earn a graduate degree in information security. Some employers—especially large consulting firms such as Accenture and EY—prefer to hire consultants with a master’s degree.


Undergraduate and graduate certificates in Internet security, database management, computer science, programming, risk management, and business management are offered by many colleges and universities. For example, Harvard University offers a cybersecurity certificate to those who take The Cyber World: Hardware, Software, Networks, Security, and Management; The Cyber World: Governance, Threats, Conflict, Privacy, Identity, and Commerce; and two elective classes. Contact schools in your area to learn about available programs.

The IEEE Computer Society offers a certificate of achievement to those who complete the following security-related courses: Foundations of Software Security, Secure Software Design, Managing Secure Software Development,Cloud Governance and Security, and Secure Software Coding.

Other Education or Training

A variety of webinars, conference seminars, and other continuing education (CE) opportunities are provided by professional associations, government agencies, and product vendors. For example, the CERT Division offers in-person and online CE classes such as Fundamentals of Incident Handling; Practical Risk Management: Framework and Methods; Insider Threat Program Implementation and Operation; Secure Coding in C and C++; and Managing Computer Security Incident Response Teams. Other opportunities are provided by the High Technology Crime Investigation Association, Information Systems Security Association, (ISC)², SANS Institute, Association for Computing Machinery, IEEE Computer Society, CompTIA, and the Institute of Management Consultants USA.

Certification, Licensing, and Special Requirements

Certification or Licensing

North American–based information security professionals who were members of (ISC)² who were certified earned higher average annual salaries than those who were not certified, according to the 2019 (ISC)² Global Information Security Workforce Study. Those who are certified typically earn higher salaries and have more advancement opportunities than those who are not certified. 

(ISC)² offers several certification credentials to applicants who pass an examination and meet other requirements. Some of its designations include associate of (ISC)² (an entry-level credential), certified information systems security professional, systems security certified practitioner, certified cloud security professional, certified authorization professional, certified secure software lifecycle professional, and healthcare information security and privacy practitioner. SANS Institute, CompTIA, ISACA, Institute of Management Consultants USA, and vendors of Internet security software also provide certification programs.

Other Requierments

Some employers—especially government agencies and the financial industry—may require job applicants to undergo background checks. 

Experience, Skills, and Personality Traits

It will take several years of on-the-job experience as an IT security analyst or in a related position to become a full-fledged consultant. Participating in IT security–related summer internships and working at part-time jobs during college will provide you with a good introduction to the field—as well as some networking contacts once you’re ready to look for a job.     

Important traits for IT security consultants include top-notch communication and interpersonal skills; leadership ability; project management skills; the ability to assess risk; strong communication and interpersonal skills, including good listening skills; the ability to solve problems and work under stress; patience; self-motivation; good judgement; and a dedication to staying abreast of new technology, software, hardware, and IT security strategies.