For large organisations, there can be few tasks more irksome than trying to close a stable door after the horse has bolted. Increasingly, however, businesses find themselves in the position of trying to patch a hole in their IT defences after one catastrophic event or another.
At such times, a harassed CEO, or CTO, may be asking themselves how they could have allowed this to happen, and who they can employ to stop it happening again. It certainly becomes clear, as the phones around recruitment agencies begin ringing, that IT security officers play a vital role, either in cleaning up messes left by others, or stopping the mess being made in the first place.
Moreover, cybercrimes and malfeasance continue to develop and mutate, remaining a persistent and concerning threat to businesses, homes and, in worst-case scenarios (such as potential cyber-attacks on energy distribution networks), entire nations. High-ranking concerns currently are as follows:
This is an umbrella phrase for cybercriminals exploiting human gullibility by striking a false pose in an email or on a social network. IDs, passwords, location data and other useful information are extracted in this way.
This has been reported as being on the rise, especially with the enormous popularity of apps. Indeed, intrusion into company networks has been somewhat facilitated by the BYOD (bring your own device) trend. Some employees do not keep their own mobile phones as secure as they should, and company data on those phones can sometimes fall into the wrong hands.
Cloud computing concerns
While cloud servers are said to be as secure as Fort Knox, inevitably, the hackers have risen to the challenge, as the reported intrusion into Dropbox during 2012 exemplifies. As the Cloud becomes more and more fashionable, so the associated risks and exposure levels will rise.
In the context of such threats, it is little wonder that companies are becoming more serious in their attitude to hiring, and working respectfully with, information security professionals.
In turn, these professionals are busy positioning themselves for the right job opportunities so they are ready to apply when the time comes. It might be worthwhile for them to reflect on some of the defining qualities of a successful security professional. These include:
– Plenty of experience “on the ground”, working in business
Industry experience is the first thing an employer is going to look out for. This experience may not be directly related to IT security, but could be in the fields of desktop support, or networking. For instance, a Cisco networking guru might potentially make a strong candidate for a managerial security role, as a solid background in configuring firewalls could come in handy.
– All-round people skills
An IT security job, especially in the area of risk management, is very much concerned with getting existing information out of employees in order to document procedures more effectively. For this, a combination of firmness, charm, patience and persistence is required: in other words, the ability to get on well with people who may not want to make time to speak with you.
Having security certificates, such as the Certified Information Systems Security Professional (CISSP®), can only help. While a proven track record in fending off cybercrime is gold-dust to a potential employer, certificates also have their place. Not least, they indicate that the candidate has plenty of in-depth knowledge to back up their experience.
Finally, while IT security roles in a large organisation may not always have the highest profiles, or be the most glamorous, they are becoming increasingly vital, and respected, at a time when information systems are more vulnerable than ever.