ITIL Beneficial within Cyber Security?

Infosec85

Hello folks,

As the title suggests is the above certification beneficial within I.T security.

I have to be honest and say I don't know much about it, other than it relates to best practices etc. I've always assumed it was more a managerial sort of certification.

However looking at job descriptions for infosec roles I have seen it popping up quite a lot.

Can someone elaborate?

Many thanks!

OctalDump

ITIL Foundation is good for anyone working in IT. It deals with how IT relates to business, which is really fundamental to delivering useful IT services. So even if you are the 'lowly' info sec guy managing firewalls, or trawling alerts from a SIEM, being able to ensure that the service you deliver is appropriate to the organisation's strategy is a good thing. Like other areas of IT, there is a risk to get carried away and deliver services that aren't entirely right for the company.

ITIL provides a framework for IT to give the business what it needs, and also to help IT articulate what they can offer in a language that business can better understand.

There is some value in higher level ITIL certifications for certain info sec roles. They deal with the management and delivery of IT services, which necessarily encompasses security. The CIA triad is fairly fundamental to IT services.

Axelos, the people that run ITIL, also have a security framework, Resilia, which integrates with ITIL. However, I haven't seen that it has much visibility.

Infosec85

Thanks appreciate the insight

Chinook

If you were a straight up pen-tester, probably not. If you're working in a larger company, government or hospital, yes it would. It can never hurt to have ITIL under your belt.

stryder144

ITIL is beneficial though not necessarily directly "cyber". I would recommend getting the Foundation cert then work on ISACA's COBIT. Give the link a read through, you might find it useful.

DatabaseHead

@Stryder - Good call on ISACA (COBIT). I would consider looking into it myself if I was the OP.

jibbajabba

ITIL is good for any job assuming the company is implementing it. If the company isn't implementing ITIL then you are on your own

mbarrett

jibbajabba wrote: »

ITIL is good for any job assuming the company is implementing it.

It will give you an edge to get in the door of those companies that do. I see a lot of people asking for it by name - it can't hurt, and might actually help in the long run.
As for the content itself, I can't speak to it because I'm not that familiar, other than it will give good insight into best practices, etc. which can be more useful on the compliance side. Not so useful if you are more on the technical side.

Pmorgan2

ITIL and COBIT appear to be pretty good for most IT professionals. It helps show that you can be a member of the team, not just the IT guy. I think integrating your role into the business model, interacting with other functions in a business, and being able to quantitate the impact of your actions on the business mission are "soft skills" all companies want. ITIL and COBIT appear to try to put those soft skills into a common framework and certify the knowledge.