ITIL Beneficial within Cyber Security?

Infosec85Infosec85 Member Posts: 192 ■■■□□□□□□□
Hello folks,

As the title suggests is the above certification beneficial within I.T security.

I have to be honest and say I don't know much about it, other than it relates to best practices etc. I've always assumed it was more a managerial sort of certification.

However looking at job descriptions for infosec roles I have seen it popping up quite a lot.

Can someone elaborate?

Many thanks!


  • Options
    OctalDumpOctalDump Member Posts: 1,722
    ITIL Foundation is good for anyone working in IT. It deals with how IT relates to business, which is really fundamental to delivering useful IT services. So even if you are the 'lowly' info sec guy managing firewalls, or trawling alerts from a SIEM, being able to ensure that the service you deliver is appropriate to the organisation's strategy is a good thing. Like other areas of IT, there is a risk to get carried away and deliver services that aren't entirely right for the company.

    ITIL provides a framework for IT to give the business what it needs, and also to help IT articulate what they can offer in a language that business can better understand.

    There is some value in higher level ITIL certifications for certain info sec roles. They deal with the management and delivery of IT services, which necessarily encompasses security. The CIA triad is fairly fundamental to IT services.

    Axelos, the people that run ITIL, also have a security framework, Resilia, which integrates with ITIL. However, I haven't seen that it has much visibility.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • Options
    Infosec85Infosec85 Member Posts: 192 ■■■□□□□□□□
    Thanks appreciate the insight icon_thumright.gif
  • Options
    ChinookChinook Member Posts: 206
    If you were a straight up pen-tester, probably not. If you're working in a larger company, government or hospital, yes it would. It can never hurt to have ITIL under your belt.
  • Options
    stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    ITIL is beneficial though not necessarily directly "cyber". I would recommend getting the Foundation cert then work on ISACA's COBIT. Give the link a read through, you might find it useful.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • Options
    DatabaseHeadDatabaseHead Member Posts: 2,753 ■■■■■■■■■■
    @Stryder - Good call on ISACA (COBIT). I would consider looking into it myself if I was the OP.
  • Options
    jibbajabbajibbajabba Member Posts: 4,317 ■■■■■■■■□□
    ITIL is good for any job assuming the company is implementing it. If the company isn't implementing ITIL then you are on your own :p
    My own knowledge base made public: http://open902.com :p
  • Options
    mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    jibbajabba wrote: »
    ITIL is good for any job assuming the company is implementing it.
    It will give you an edge to get in the door of those companies that do. I see a lot of people asking for it by name - it can't hurt, and might actually help in the long run.
    As for the content itself, I can't speak to it because I'm not that familiar, other than it will give good insight into best practices, etc. which can be more useful on the compliance side. Not so useful if you are more on the technical side.
  • Options
    Pmorgan2Pmorgan2 Member Posts: 116 ■■■■□□□□□□
    ITIL and COBIT appear to be pretty good for most IT professionals. It helps show that you can be a member of the team, not just the IT guy. I think integrating your role into the business model, interacting with other functions in a business, and being able to quantitate the impact of your actions on the business mission are "soft skills" all companies want. ITIL and COBIT appear to try to put those soft skills into a common framework and certify the knowledge.
    2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
Sign In or Register to comment.