Comments
The Rise Of The Security Analyst
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Ninja
2/26/2014 | 6:56:57 AM
Catch-22
Sara, 

Interesting. And tricky. 

"More than just a Cisco server, they need to know how servers work, and how servers link to each other. They need to understand the strategy and engineering behind a server. They don't make those in college."

Maybe it's about time colleges revised their syllabus to better adapt them to the requirements of today's positions in the enterprise. It seems there is a lot of incompatibility between what colleges are teaching and what the companies need. 

"Individual technical certifications don't provide a broad understanding of security strategy, and CISSP certifications are only given to people who already have five years of experience working as a security professional."

This sounds like a typical catch-22. How on this world can you get five years experience working as a security professional if "There really aren't many entry-level positions in security in the same way there are in other industries," according to what Julie Peeler says. :/   

"What we really need is people who have experience beyond the one piece of technology."  

Okay. That's what they need. Does Julie says what is the best way to get that experience taking into account what she previously said about the entry level positions? Or I missed something? :( 

-Susan
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
2/26/2014 | 8:51:37 AM
Re: Catch-22
Peeler goes on to say in the original article in Dark Reading:

"...the security industry needs to do more to connect with children in primary and secondary school, as well as expand partnerships with universities. In addition to providing more mentoring, internships, and apprenticeships, the security industry needs to work with universities to create curricula that are nimble enough to respond to a rapidly changing industry."


In a similar vein, Dave Piscitello, VP Security at ICANN wrote recently about the need for more liberal arts education on the resumes of InfoSec job candidates:

"I work in InfoSec alongside respected colleagues who earned philosophy, physics, psychology, and political science degrees. I recently met former concert and improv flautists who are rock-solid privacy experts. STEM-centric education won't fill the short-horizon shortfall of cybersecurity talent -- and my head spins when I imagine the unintended consequences over the long term."

Another interesting point of view. I don't think it's a Catch-22 but a topic worth discussing. Any takers?

Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Ninja
2/26/2014 | 9:20:51 AM
Security and education
Thanks, Marilyn! 

Yes, I have to continue reading on DarkReading. :)

So I was not too wrong with my comment about education. Now reading that quote things look different. It doesn't look like a Catch-22 anymore. It's only a question of synchronizing with the educational institutions. 

Thanks for the second link, too. 

-Susan 
Joe Datacenter
50%
50%
Joe Datacenter,
User Rank: Apprentice
2/26/2014 | 9:50:11 AM
Re: Catch-22
Michele Chubirka wrote an article related to this on Network Computing: The Return of the IT Generalist. While the point is slightly different than the security study cited here, it speaks to a trend toward more integrated and overarching IT skill sets.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
2/26/2014 | 9:58:40 AM
Re: Security and education
It doesn't look like a Catch-22 anymore. It's only a question of synchronizing with the educational institutions. 

True, Susan. But "it's only" is not an easy task! 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
2/26/2014 | 10:05:18 AM
Re: Catch-22
Thanks for the link, Joe Datacenter. It is indeed an interesting article reinforces Sara's point. I particularly liked this quote from the author Michele Chubirka, who wrote in The Return of the IT Generalist

"With extreme specialization, have we created our own professional prisons, locking ourselves in chains of boredom? Engineers are by nature curious creatures and you need only look at most IT resumes for evidence. The two-year job-hopper is common in this field, because an individual will simply run out of challenges in most IT departments."

We definitely live in interesting times! 

Old Bull
50%
50%
Old Bull,
User Rank: Apprentice
2/26/2014 | 5:05:26 PM
I'm not seeing it
"According to the study, the most sought-after quality is a broad knowledge of security -- more of a strategic understanding than technical know-how -- followed by certifications."

I posted the below at the original Dark Reading column but got no response so I'll try again here:  who is favoring the IT generalist? I'd love to know.

"@ Sara, it was with great interest I read this article because I fit this description of the "non-techie" security applicant. I have psychology and business degrees, and twenty-plus years of seasoned business experience. Last year, I completed an M.S. degree in cybersecurity (no certs yet) and since have applied to approximately 75 cybersecurity firms and businesses advertising for cybersecurity positions (even though I may not have the *exact* qualifications they stipulate. Does anyone?) I haven't had the first interview or the first query of interest, even after listing my information with all of the major IT job boards.

The reason I went back to school for the graduate degree was so much talk of a shortage of people needed in cybersecurity, going back even for several years. However, the job ads I've seen put such qualifications on job candidates that they won't fill many (or most?) of these positions for a decade, until those they can groom early on from secondary schools are finished with school. Qualifications such as "must have an active security clearance in place", "minimum 5+ years experience" in this and that, "CISSP required", and so on. There is no interest in security newbies nor is there a desire to invest in developing anyone though the need for people is reportedly there.

So, coming from the trenches, I'm just not seeing this hunt for the non-techie security analyst. It just isn't happening. Please inform as to which companies are interested in us non-techies. Thank you.

R.S.

 
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Ninja
2/27/2014 | 8:01:18 AM
Re: Security and education
Marilyn, 

True. Not at all is an easy task! The "it's only" was meant in a positive way, as saying that there is a way out, there are possibilities, which is much better than my previous impression of the situation, totally lost, or extremely difficult. 

The educational institutions need to provide the kind of education required for today's needs. Some of them live long in the past. 

-Susan 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
2/27/2014 | 8:26:13 AM
Re: I'm not seeing it
Thanks for your post and reality check, "Old Bull." I would hope that what you are experiencing is a time lag in getting the word out from the forecasters who look at trends and the actual hiring managers in the real-word. Keep working on those certs, getting experience and and security firms looking for a more strategic perspective will eventually take notice.
shakeeb
50%
50%
shakeeb,
User Rank: Apprentice
2/28/2014 | 8:23:57 PM
Re: Catch-22
This is an interesting article. IT security has become an important as aspect for most of the organizations. This helps is streamlining IT process with proper procedures.  
Page 1 / 2   >   >>


The Agile Archive
The Agile Archive
When it comes to managing data, don’t look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.