Future security professionals will need to focus on some key concepts in order to be knowledgeable and equipped to handle the stability and security issues of tomorrow’s technology.
Experience always has been and always will be important in landing a job and keeping it. You need to be able to perform the tasks required by a position. You might not be able to walk directly into the security profession of your dreams, but starting off in more mundane positions and excelling at your work responsibilities will not only grant you experience but also enable you to be recognized for your excellence, which usually equates to promotion and career advancement. More experience leads to more knowledge, and more applied knowledge leads to wisdom. Security professionals need wisdom to see the risks and responses that others overlook.
There will always be IT positions that do not require programming ability, but a security professional's position is not likely to be one of them. Many future security positions will require coding skills. After all, with coding skills you can:
- Analyze suspicious programs to determine their function and intent.
- Craft filters and responses to attacks while waiting for a vendor to release a patch.
- Improve the function of open source programs or write your own code to solve problems.
Experience can be a trump card, but many HR managers will not take a second look at a prospect unless he or she meets certain specific requirements. Such requirements often include not having a criminal record, having a college degree and having specific certifications.
While training for some certifications is often geared toward passing an exam, achieving a certification at least provides a rough measurement of your knowledge level and capability. Someone who has a certification has a better chance of being considered for a job than someone who has the same overall background but lacks certification.
To determine which certifications to pursue, survey 10 to 20 job postings from various organizations for the specific job you would like to have. List the certifications recommended or required in those postings. Use that list as a road map to gain the needed training and pass the certification exams. Repeat this survey every three to six months to keep your progress on target.
Checking or verifying that a security implementation functions as expected and designed is often referred to as ethical hacking or penetration testing. A security professional will likely find that performing his or her own internal security analysis becomes increasingly essential in security management. Hiring consultants to perform penetration tests can be dauntingly expensive, so the ability to perform your own penetration tests is a significant advantage over those without such skills.
End User Acceptance Testing
Often security experts get caught up in enforcing the most secure implementation without considering how it impacts the work tasks of individuals. Security should always be adjusted to business needs and requirements. It is of little value to have a highly secure network if essential business tasks cannot be accomplished.
While developing and deploying new security solutions, take the time to review how the security improvements will affect users and business tasks.
Whenever possible, develop training to help end users adjust to new business processes before implementing significant security changes. If workers do not accept and adjust to security, they will often find a way to bypass or disable the security that they see as too inconvenient or as having no direct value to their specific work activities.
As security experts, it is our responsibility to continuously prepare for new technologies and to encourage the adoption of improved security measures in order to increase stability and reduce exploitation. In order to stay vigilant, the next generation of security professionals should have experience, coding skills, certification, penetration testing skills and the ability to perform pre-deployment end-user testing.