What changes would you make to your department?
Technology is growing, but budgets seem to remain. If I had to choose one thing, it would be for a bigger budget and more people.
What annoys you?
When one vendor doesn't talk to another to make sure they work in harmony; products that had little to no quality assuarance; malware. It is a shame it is not safe for the average user to surf the web.
How do you describe your job to average people?
No one understands what an information security analyst is. Technically my job is to ensure the safety of our information and computer environment.
What part of your job are you most proud of?
Probably the most notable thing is not choosing mainstream vendors and getting all of our vendors to partner with each other and create products that are integrated for a unified solution (we beta test for all our vendors as this directly benefits us). For example, our intrusion prevention system (IPS) [NitroSecurity] can interface directly with our network access control (NAC) [Bradford Networks], which makes my job a lot easier.
How do you see IT security changing in the future?
Being on the net is like being in the bad part of town. Instead of bars on your house's windows, we have firewalls on our computers' windows. As operating systems like Vista come out, which make it harder for hackers and malware to survive, the hackers and malware will get more sophisticated. Fifteen years ago, we had viruses in DOS, and all you had to do was delete the file. Now we have root kits and alternate data streams, activeX controls and Java exploits, as well as browser hijackings.
SKILLS IN DEMAND
Pay for information security certifications is up 4.5 percent since July 2005, and +2.2 percent in first half of 2006. One year ago: 3.5 percent and 4.3 percent declines, respectively.
What about other certs?
122 surveyed IT certifications grew 3.8 percent in the past year, averaging 8.3 percent of base pay for a single certification versus 9 percent for an information security certification.
Will this continue?
Service vendors are hot for consultants with information security skills and willing to pay. Most other industries remain chronically information-security skill-deprived.
Source: Foote Partners 2Q 2006 IT Skills Pay Index