The recent bombings in Ahmedabad and Delhi, and the audacity of the terrorists
in announcing the bombings by email before they happened, were possible due to
an unsecured Wi-Fi connection. A simple unsecured Wi-Fi connection used by
terrorists exposed the importance of having security measures in place and has
caught the attention of the entire country. Had the terrorists been able to use
an unsecured Wi-Fi connection belonging to an enterprise instead of someone's
personal connection, the implications would have been entirely different. IT
security has become a prime concern for every enterprise. Enterprises have to
ensure foolproof systems and implement stringent privacy laws to avoid any
misuse of vulnerabilities or loss of information. Information being the most
valuable asset for an enterprise, its protection from unscrupulous elements has
taken center stage as a strategic IT priority. Not only that, worldwide
regulatory compliance requirements also demand that organizations better
protect sensitive data and mitigate emerging threats. So, more organizations
are recognizing the need for dedicated network professionals who can protect
information from such threats.
Organizations are relying more on IT security professionals not only to protect
their information assets but also to protect their brand reputation and market
value and to meet compliance regulations. It is now evident that security
professionals have become an integral part of an organization's business model.
As per a recent IDC study, the Indian industry is expected to generate a demand
for 1,22,874 network security professionals by 2009, whereas only 87,562
professionals would be available. This would result in a shortfall of over
35,000 professionals.
Professionals wanting to venture into the security domain will have to hone
skills beyond their IT skills and technical know-how. Soft skills in management
and communications, as well as an understanding of policy, processes and
personnel, will only add to their advantage. Professionals coming from a
networking background can grow into Information Security experts, while
professionals coming from software development can become engineers and
researchers with companies developing security products.
The opportunities
Security of an IT system implies that the person responsible for its security
should be abreast of technological changes, since new technologies would most
definitely open up new avenues of threat. Much will depend on how proactively a
security professional detects such possible threats and provides solutions to
mitigate them, ensuring that business productivity doesn't get hampered. The IT
security industry has various opportunities that can be classified into three
distinct areas: security operations, security management and security
investigations. The responsibilities will vary depending on the domain.
In the security operations domain, a security professional will focus on
the hardware and software aspects of security for the organization's network
and information assets. They will ensure that the organization's network
remains free from any vulnerabilities. They also manage and implement
applications like antivirus software and Unified Threat Management devices to
protect information.
Professionals in the security management domain will be required to develop
and implement security standards and procedures. They will also be drafting
regulatory policies for tackling issues related to information security.
Abhay Valsangkar, Senior Director, Human Resources, Symantec Corporation:
Gartner claims security software revenue will total $219.4 million in 2008, a 13.5 percent increase from 2007. The market is forecasted to reach almost $240.4 million in 2012, an annual growth rate of 9.1 percent from 2007 to 2012. With such an exciting growth in the market, we clearly anticipate a requirement of skilled professionals in the area of software security. These may include those on the engineering side like software design architects, software testers or for roles like QA, technical writing, sales and marketing and software management. Issues related to piracy, intellectual property, cyber crimes etc. herald the need for software security solutions all the more. This too, would increase the need for skilled professionals.
The security investigation domain is a vast area. Professionals vary on the
basis of their expertise; a penetration tester will be using his hacking skills
to detect vulnerabilities in an application or an organization's network. A
Cyber Forensic Analyst will use investigative skills and an understanding of
cyber laws, legal requirements on evidence and behavioral science to look into
issues related to cyber crimes, piracy and intellectual property rights.
Information security covers not only organizational data within the
enterprise, but data hosted online as well. A major concern for enterprises is
to secure their online data and websites. Therefore they are hiring auditors to
report vulnerabilities in their websites through which a hacker can crash their
site or leak data. Such a job is best done by a hacker himself.
Ethical hackers have found recognition in enterprises, where they help in
plugging the vulnerable zones in a website or a network through which intruders
can gain unauthorized access to information. Though there are specialized
postgraduate courses in engineering for information security, there are also
specialized certification exams available. A security professional can opt for
these exams depending on the area of specialization.
Lokesh Mehra, Regional Manager - Corporate Responsibility, Cisco South Asia:
Varied skills are in vogue; it's no longer the virus and worms which could be the cause of headache for a security professional. The person would also be responsible to ensure intellectual property resides within the company and does not reach competitors. Secondly, the person needs to play an activist role within the organization educating people on compliance measures and how to protect information. Quite often, we all see people blurting their passwords openly in offices when faced with a technical glitch to get their problem resolved. The person needs to be an all-rounder encompassing technical, communication, collaboration and advocacy as well as business skills to understand nuances of security impact in addition to gaining confidence of the senior management for funding and conformity.
Career path
IT security is transforming from tactical strategies to information risk
management. The traditional role of IT security was confined to firewall
configurations and probably antivirus updates, which beginners in any
organization are exposed to. With maturity and experience, a professional's role
will evolve to protecting the enterprise from information loss and outages. At a
CXO level the individual would justify the cost of ongoing and future
investments to mitigate information risks. Aligning business objectives with a
concise security strategy is a critical element in this role.
The job responsibilities of a security professional depend on the nature of
the enterprise and its security requirements. Broadly, they can be defined as
below.
Information Security Operations - to maintain and monitor security in a
specific IT environment by implementing relevant technology controls. The
specific tasks would include network and technology infrastructure security
control implementation, system and application security, installation and
maintenance of firewall, antivirus software, intrusion prevention/detection
systems and anti-spyware, etc.
Information Security Executive Management - to correlate broad security
guidelines of the enterprise with security operations, security project
management and implementation of security as per security architecture, risk &
security monitoring, security program implementation.
Information Security Management - role includes Risk Management,
Security Program Management, Data Security, Policy Creation and Maintenance,
Incident Management, Business Continuity/Disaster Recovery, Security
Architecture, Security Policy Creation and Maintenance.
Chief Information Security Manager - role includes design &
development of information security policy, regulatory compliance and
information security governance.
Dr. Smita Dilip Totade, President, ISACA Pune Chapter:
According to the Department of Labour, US, “the demand for computer security specialists will grow as businesses and government continue to invest heavily in cyber security, protecting vital computer networks and electronic infrastructures from attack. The information security field is expected to bring many opportunities over the next decade as firms across all industries place a high priority on safeguarding their data and systems.” I believe that numerous opportunities would be available at various levels for security professionals worldwide...
Security Advisors/Auditors - independent experienced professionals
would provide advisory services for information security policy design, Risk
Assessment, ISMS Compliance as per global/industry accepted standards.
Also from a software development perspective, a career in security
technologies offers a challenging and interesting growth path. Software
development professionals are expected to have thorough knowledge of computer
networking, various programming languages and the flaws that may exist while
programming in these languages.
Certifications
Security certification is the major criterion for IT project managers, as
companies are hiring certified professionals to safeguard their assets. The
value of any certification depends on the candidate's requirements, as getting
certified in another domain without any need for it does not prove fruitful.
Therefore, getting a specialized certification gives a broader perspective and
adds value to the candidate's profile. Certifications for security include CISSP
(Certified Information Security Professional), SSCP (Systems Security Certified
Practitioner), CCSP (Cisco Certified Security Professional) and the GIAC
Security Essentials certification. CISSP provides solid information to security
tacticians in 10 security domains. The CISSP credential is best for mid and
senior-level managers who wish to attain or have already attained the positions
of CISOs, CSOs and Senior Security Engineers. Early registration for this
course costs USD 499. SSCP demonstrates the level of practitioner and
is ideal for candidates who are working toward or have already achieved
positions as Senior Network Security Engineers, Senior Security Systems Analysts
or Senior Security Administrators. Early registration for this course costs
USD 369.