Strategic CIO // IT Strategy
News
2/25/2014
02:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

The Rise Of The Security Analyst

The most sought-after quality in security hiring today is strategic knowledge versus technical know-how, a global workforce study says.

In recent years, CISOs have succeeded in getting more boardroom buy-in for security tools and staff. According to (ISC)2's most recent Global Information Security Workforce Study, two-thirds of C-level managers believe their security departments are too small. Employers are interested in expanding their security staff, but they can't find people to fill the positions. 

According to the study, the most sought-after quality is a broad knowledge of security -- more of a strategic understanding than technical know-how -- followed by certifications. This is a tricky combination. Individual technical certifications don't provide a broad understanding of security strategy, and CISSP certifications are only given to people who already have five years of experience working as a security professional.

"There really aren't many entry-level positions in security in the same way there are in other industries," says Julie Peeler, head of the (ISC)2 Foundation. "What we really need is people who have experience beyond the one piece of technology. More than just a Cisco server, they need to know how servers work, and how servers link to each other. They need to understand the strategy and engineering behind a server. They don't make those in college."

Peeler says that the entire security industry is moving away from the super-techie with the IT degree.

"Because of the rise of the security analyst -- someone who can take a lot of disparate information and cull the truth out of it -- companies are looking at people with liberal arts backgrounds -- necessarily non-technical backgrounds," says Peeler. "A lot of these analytical skills are hard to teach." 

The trouble then is, if the people we want in IT jobs do not have IT backgrounds, how can we coax them to apply?

Read the rest of this article on Dark Reading.

 

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Susan Fourtané
50%
50%
Susan Fourtané,
User Rank: Ninja
2/26/2014 | 6:56:57 AM
Catch-22
Sara, 

Interesting. And tricky. 

"More than just a Cisco server, they need to know how servers work, and how servers link to each other. They need to understand the strategy and engineering behind a server. They don't make those in college."

Maybe it's about time colleges revised their syllabus to better adapt them to the requirements of today's positions in the enterprise. It seems there is a lot of incompatibility between what colleges are teaching and what the companies need. 

"Individual technical certifications don't provide a broad understanding of security strategy, and CISSP certifications are only given to people who already have five years of experience working as a security professional."

This sounds like a typical catch-22. How on this world can you get five years experience working as a security professional if "There really aren't many entry-level positions in security in the same way there are in other industries," according to what Julie Peeler says. :/   

"What we really need is people who have experience beyond the one piece of technology."  

Okay. That's what they need. Does Julie says what is the best way to get that experience taking into account what she previously said about the entry level positions? Or I missed something? :( 

-Susan
<<   <   Page 2 / 2
Transformative CIOs Organize for Success
Transformative CIOs Organize for Success
Trying to meet today’s business technology needs with yesterday’s IT organizational structure is like driving a Model T at the Indy 500. Time for a reset.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.