If you are in charge of hiring people to work with your security, what analysis do you use to make sure that you hire the right people? Do you look at their college transcripts to see if they are right for the job? Do you look at past work that they have done to see if they are right for the job? Or do you look at the way that they operate when they are around you and do you think that you can fill in any holes in their knowledge that you have to? Every person who hires people these days have their own qualifications of who they think will be able to do the job well. But when it comes to the world of computer security there are a few more factors that you really should think about as well.
When it comes to computer security there are a lot of layers that you have to be able to peel through before you get to the root of the problem. And to be able to peel away those layers it takes a different set of skills on each one. Now if you are looking for someone to just maintain your network and then call someone else when things get hairy, then yeah, you do not have to worry about all of those different types of layers then. But if you are looking to hire someone who really knows how to work and move around the world of computer security then you are really going to have to go deeper.
When you are talking about being able to watch the network of most businesses, then the person should really know how the internals of a network work. I am not just talking about how they can set up the wires in the right way. You can teach anyone how to do that correctly. I am talking about that they should really know how the network works. They should know how the internals of a switch and a router work. They should know how the protocols of the particular network that they are working on work. Most businesses today work with a TCP/IP stack. They should really understand what that means. And for even better measure they should know what UDP means and maybe even some more protocols that are out there. They should also be familiar with the http protocols. They might not have to know them by heart but at the very least they should know what they are and what books or websites they would need to look up any information on them.
If you are looking for someone who is able to root out malware then you should look for someone who really understands the internals of software. Someone who just knows how to run a couple of security scanners is not going to cut it in this day and age of complicated malware. You need someone who knows how to program and they also need to know how to debug the program. The terms dissassembler and debugger should be concepts that they are familiar with. And they need to know how desktop programs interact with network servers when it comes to malware. Just knowing what a rootkit is is not enough anymore.
When we are talking about computer security we are talking about a world that is very different than it was 5 years ago. We are talking about a world where experts are needed more and more.