The term "security professionals" covers a wide range of areas, from information technology to diplomacy and international relations. Some security professionals will be specialized within one of these fields but, particularly at the lower level, most will be expected to deal with the technical aspects of data security, so it makes sense to focus on this area. A security professional working primarily with information technology will generally require a bachelor's degree in Computer Science or a related field. Depending on the level of the position, s/he may also have to demonstrate competence by supplying evidence of a certain number of years of relevant experience or certification from the Certified Information Systems Security Professional organization (CISSP). CISSP provides courses in such areas as security engineering, cryptography, and risk management. Higher level administration and management in defense firms will often also require government clearance.
The government clearance procedures are rigorous and may well seem exhaustive, but the principal problem with all such vetting processes is that they are negative in nature. Aside from technical qualifications, a high level of integrity is essential in security professionals. However, vetting procedures are typically focused on finding out whether they have yet committed any crimes or serious breaches of ethics. They generally do not establish the positive integrity of an individual. Some sense of this may be gained by interviewing people who know the candidate well, but this is often results in the same empty phrases that are common in boilerplate employment references. This is why, particularly at the managerial level, a proven track record is so valuable.