The Rise Of The Security Analyst - InformationWeek
IoT
IoT
IT Leadership // IT Strategy
News
2/25/2014
02:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
[A2 Academy] AI: Impacts Today & in the Future
Jun 06, 2017
In response to the AI revolution All Analytics is launching the 2017 A2 Academy, AI: How It Impact ...Read More>>

The Rise Of The Security Analyst

The most sought-after quality in security hiring today is strategic knowledge versus technical know-how, a global workforce study says.

In recent years, CISOs have succeeded in getting more boardroom buy-in for security tools and staff. According to (ISC)2's most recent Global Information Security Workforce Study, two-thirds of C-level managers believe their security departments are too small. Employers are interested in expanding their security staff, but they can't find people to fill the positions. 

According to the study, the most sought-after quality is a broad knowledge of security -- more of a strategic understanding than technical know-how -- followed by certifications. This is a tricky combination. Individual technical certifications don't provide a broad understanding of security strategy, and CISSP certifications are only given to people who already have five years of experience working as a security professional.

"There really aren't many entry-level positions in security in the same way there are in other industries," says Julie Peeler, head of the (ISC)2 Foundation. "What we really need is people who have experience beyond the one piece of technology. More than just a Cisco server, they need to know how servers work, and how servers link to each other. They need to understand the strategy and engineering behind a server. They don't make those in college."

Peeler says that the entire security industry is moving away from the super-techie with the IT degree.

"Because of the rise of the security analyst -- someone who can take a lot of disparate information and cull the truth out of it -- companies are looking at people with liberal arts backgrounds -- necessarily non-technical backgrounds," says Peeler. "A lot of these analytical skills are hard to teach." 

The trouble then is, if the people we want in IT jobs do not have IT backgrounds, how can we coax them to apply?

Read the rest of this article on Dark Reading.

 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Author
2/26/2014 | 6:56:57 AM
Catch-22
Sara, 

Interesting. And tricky. 

"More than just a Cisco server, they need to know how servers work, and how servers link to each other. They need to understand the strategy and engineering behind a server. They don't make those in college."

Maybe it's about time colleges revised their syllabus to better adapt them to the requirements of today's positions in the enterprise. It seems there is a lot of incompatibility between what colleges are teaching and what the companies need. 

"Individual technical certifications don't provide a broad understanding of security strategy, and CISSP certifications are only given to people who already have five years of experience working as a security professional."

This sounds like a typical catch-22. How on this world can you get five years experience working as a security professional if "There really aren't many entry-level positions in security in the same way there are in other industries," according to what Julie Peeler says. :/   

"What we really need is people who have experience beyond the one piece of technology."  

Okay. That's what they need. Does Julie says what is the best way to get that experience taking into account what she previously said about the entry level positions? Or I missed something? :( 

-Susan
<<   <   Page 2 / 2
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll