The SANS Top 20 Information Security Jobs that are too cool!
- Information Security Crime Investigator/Forensics Expert
- System, Network, and/or Web Penetration Tester
- Forensic Analyst
- Incident Responder
- Security Architect
- Malware Analyst
- Network Security Engineer
- Security Analyst
- Computer Crime Investigator
- CISO/ISO or Director of Security
- Application Penetration Tester
- Security Operations Center Analyst
- Prosecutor Specializing in Information Security Crime
- Technical Director and Deputy CISO
- Intrusion Analyst
- Vulnerability Researcher/Exploit Developer
- Security Auditor
- Security-savvy Software Developer
- Security Maven in an Application Developer Organization
- Disaster Recovery/Business Continuity Analyst/Manager
Closer analysis of Information Security Job #10:
#10 is the job I currently have, ISO (Information Security Officer), and I must admit that you have a lot of authority to make things happen to mitigate the risks that businesses face. As an ISO you don't have the overall responsibility for the company's security like a Chief Information Security Officer, but you are closer to the action before things are put in place. This allows you to ask lots of questions; properly document, review and test security controls and strategies; or just say no to a business decision around technology that is too risky.
Today's Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today's CISOs/ISOs must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.
Why It's Cool?
- "Authority always wins."
- "These people get to decide where to build the 'watch towers', how many rangers are stationed in the park, where fires can be safely built, and the rules of engagement."
How It Makes a Difference
- "You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player, the only one whom the CEO will trust."
- "This position usually reports at a very high level, and gets to see and influence the big picture. You work with physical security, IT, the businesses, even the FBI and other law enforcement agencies."
- "You are da Boss. You can pick and choose who does what, what gets done, and motivate and then share the credit with your people. You make a real impact on a daily basis."
How to Be Successful
Organizations succeed by taking risks, and they frequently fail because they then don't manage the risk-taking very well. The risks are business risks, and the security team needs to see business constituencies as "customers". The "this is how it's always worked" idea must be discarded. Data-driven decisions, devolving perimeter, any-device thinking, collaboration technologies, virtualization, and mobile data are diametrically opposed to prior thinking. Today's solutions are tomorrow's threat, and global and geopolitical landscape shifts are tightly coupled to intellectual and informational threats.
Experience is often the training ground, and diverse thought along with scenario planning is the requirement for a good outcome. Focus on the business goals: Never forget that this is the basis for security thinking.
For more information visit the SANS.org site: