The latest "hot" job doesn't have anything to do with any sort of programming technique named after a coffee drink, nor does it involve creating flashy intros for Websites. It does, however, involve something as old as time itself -- security.
Two thousand years ago, men traveling across the desert tied up their camels when they went to sleep at night; and the more innovative among them would tie one end of a string to their big toe and the other end to their beast, so any attempt at theft would be detected immediately. Security has become a lot more sophisticated over the years however, and security experts are now in big demand. Threats to corporate networks are at an all-time high, and with corporations opening up their networks more and more to customers, partners, and suppliers, CIOs are finally seeing the value of putting money into security.
Courses in network security are now standard fare at most universities; there are abundant online and distance-learning security courses available. The SANS (System Administration, Networking, and Security) Institute's Global Incident Analysis Center (GIAC) also offers a training and certification program (www.san.org/giactc.htm), which covers all the security basics, as well as perimeter protection, cryptography, and policy issues. Dudley Brown, managing director of high-tech placement firm Bridgegate and member of the University of California at Irvine's advisory board, says that although network security is not yet considered part of the core curriculum, it is starting to show up as an elective subject.
In addition to security being included in standard computer science curriculum, certifications for network security specialists are springing up. The International Information Systems Security Certifications Consortium (ISC2) offers the CISSP (Certified Information Systems Security Professional) certification program (http://www.isc2.org/), with examinations held at a wide variety of locations and times throughout the United States. Most providers of firewalls and other security equipment also have their own vendor-specific certifications.
The shortage of good security people has led many companies to turn to outsourcers like DefendNet Solutions (www.defendnet.com), which offer a range of firewall management, security scanning, and intrusion detection services.
"Security technology and processes are becoming more complex, increasing the levels of expertise required to deploy and manage a system. Also, the pace of change in security attacks and viruses makes keeping up with the latest antivirus packages, intrusion-detection information, and security patches for various operating systems and network devices nearly impossible," said Vincent Giordano, president and CEO of DefendNet Solutions, a provider of managed Internet security solutions.
Giordano says that smaller businesses often cannot afford to hire qualified security personnel, and as a result they turn to managed security providers to deliver security services on a 24-7 basis. Financial institutions, companies that have an intensive transaction processing environment and large amount of sensitive data, ISPs, and colocation companies also tend to have great needs for skilled security people.
"Companies are looking into their security issues more in depth now that Y2K is over," said Susan Green, IT director for security software provider Secure Computing (www.securecomputing.com). "But there's not very many security professionals to be found."
Security experts were once thought of as hirsute hackers who learned their trade by breaking into other peoples' computers. Bridgegate's Brown relates the story of a teenager who hacked a sensitive area of the U.S. Defense Department, and a few weeks later the FBI showed up on his doorstep. The next week he was working in Los Alamos. �They showed up with an arrest warrant and a job offer, and said, which one would you like? The guy who can break in is the guy you want on your team. I think that happens fairly frequently," Brown said.
While we don't advocate breaking into the Defense Department's computers as a strategic career move, the story does underscore the shortage of security people -- and the fact that there's no single career track to joining their ranks.
