Tuesday, May 18, 2010

20 Information Security Jobs With Major Swagger

IT Security jobs that have Major Swagger!

The SANS Top 20 Information Security Jobs that are too cool!
  1. Information Security Crime Investigator/Forensics Expert
  2. System, Network, and/or Web Penetration Tester
  3. Forensic Analyst
  4. Incident Responder
  5. Security Architect
  6. Malware Analyst
  7. Network Security Engineer
  8. Security Analyst
  9. Computer Crime Investigator
  10. CISO/ISO or Director of Security
  11. Application Penetration Tester
  12. Security Operations Center Analyst
  13. Prosecutor Specializing in Information Security Crime
  14. Technical Director and Deputy CISO
  15. Intrusion Analyst
  16. Vulnerability Researcher/Exploit Developer
  17. Security Auditor
  18. Security-savvy Software Developer
  19. Security Maven in an Application Developer Organization
  20. Disaster Recovery/Business Continuity Analyst/Manager

Closer analysis of Information Security Job #10:

#10 is the job I currently have, ISO (Information Security Officer), and I must admit that you have a lot of authority to make things happen to mitigate the risks that businesses face. As an ISO you don't have the overall responsibility of the company's security like a Chief Information Security Officer, but you are closer to the action before things are put in place. This allows you to ask lots of questions, properly document, review and test security controls and strategies; or just say no to a business decision around technology that is too risky.

CISO/ISO or Director of Security


"Seems like I can get a lot done with little to no push back"

Job Description
Today's Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today's CISO/ISO's must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.

Why It's Cool?

  • "Authority always wins."
  • "These people get to decide where to build the 'watch towers', how many rangers are stationed in the park, where fires can be safely built, and the rules of engagement."

How It Makes a Difference

  • "You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player, the only one whom the CEO will trust."
  • "This position usually reports at a very high level, and gets to see and influence the big picture. You work with physical security, IT, the businesses, even the FBI and other law enforcement agencies."
  • "You are da Boss. You can pick and choose who does what, what gets done, and motivate and then share the credit with your people. You make a real impact on a daily basis."

How to Be Successful

Organizations succeed by taking risks, and they frequently fail because they then don't manage the risk-taking very well. The risks are business risks, and the security team needs to see business constituencies as "customers". The "this is how it's always worked" idea must be discarded. Data-driven decisions, devolving perimeter, any-device thinking, collaboration technologies, virtualization, and mobile data are diametrically opposed to prior thinking. Today's solutions are tomorrow's threat, and global and geopolitical landscape shifts are tightly coupled to intellectual and informational threats.

Experience is often the training ground, and diverse thought along with scenario planning is the requirement for a good outcome. Focus on the business goals: Never forget that this is the basis for security thinking.

For more information visit the SANS.org site:
