Jan 30

Sadly, the past few weeks have left me very little time to write about my rants. The first month has already passed by and I barely realised. In truth the next 5 months are a sort of marathon in that I have three exams coming up (one of the CISM) and a thesis to finish off. On top of that, I have an ISACA presentation to give at the end of March (more details later on) and a full-time job :-) I guess I shouldn't grumble -- and I won't. My replacement eTc-3850 thin client is still for sale, so if you're interested, drop me an email. It is still boxed and has never been used.

Ok, back to a good article I read on Securology; here's one that struck home on a number of points. It's a little lengthy so I won't be quoting a lot of it - however, the core of it revolves around the idea that a job in computer security is not as rosy as it might seem. Varied ideas tend to exist about the glory of CSI-like investigations and huge pay packets; however, the truth is much more down to earth. The reality according to Securology exposes the following:

1. Perfect Security is not possible.
2. Most security work is really about making sure everyone else does their job "correctly".
3. Security Response jobs suck.
4. Security Operations jobs suck more.
5. Security Planning jobs are set up to fail.
6. Security vendors have to sell out
7. Pen Testers and Consultants have Commitment Issues
8. Exploit writers perpetuate the problem.
9. Security Educators either are paranoid or should be.
10. Security Media don't really exist.
11. And Security Bloggers are the worst above all.


Each section is expanded and talked about and I encourage you to read the original article (see below for source). Being a security guy myself, I would say that they are somewhat true - and kinda got me frowning - however somewhat over-stated too. It's not all bad, though ... really!

A good point comes out of point 3 - Security Response jobs suck...

... It may seem like CSI or something, but jobs that deal with responding to incidents suck. Except in high profile cases, computer forensics and true chain of custody techniques are not followed-- and if you want a computer forensics job, you'll probably have to work for a large government/public sector bureaucracy (and all the fun that goes with spending tax payers' dollars), which means you'll be primarily working on child pornography or drug trafficking cases and riding daily the fine line between public good and privacy infringements (warrantless wiretaps come to mind).


Others are aimed to put you off... and encourage you to head for a farming job!

If you're already in a security career and find yourself disheartened by the lacking options around you (because you've realized that it isn't the glamorous field you once thought), but find that you have an amazing affinity towards learning all that you can, this might be a saving grace that will prevent you from leaving everything you've learned behind and taking up a job as a dairy farmer (or some other similar job that will not require you to touch a computer)


I work in an environment where our department is very centric to several other security departments. We interact with all other departments, the idea being that there is a defined separation of duties. In these cases, one of the several skills of a security analyst has got to be communication. That essentially means that you must both have a varied technical background and be a people person capable of assessing not only your needs but also those of others. The reason for this is obvious - you need to state your point from a security angle, balance your opinion vis-a-vis usability and be in a position to help implement/facilitate solutions that are security centric. Not an easy job -- but hey, then what are we paid for? ;-) ... and yes, it also means that to a certain point we have to be educators.

To close this article, here's Securology's ending... I sense that the writer must have been in one of his low moments - nevertheless - heads up... it's not all grim.


If you hope to change the world with your career, may I suggest a rewarding opportunity teaching high school math or science in a public school system? The pay is for shite, and there will be harder days than being a security professional, but your pupils will be grateful for your job well done later in life-- even if they don't manage to get around to tell you. Besides, everyone knows Americans spend what they make-- just learn to make ends meet on a teacher's salary.


Source

Posted by Donald Tabone

1 Comments

  1. securology says:

    I appreciate the comments. Yes, I have spent a lot of time re-thinking a career as a high school math teacher! ;-) (joke)

    More seriously, I wrote this because I find a lot of people going into this line of work for the wrong reasons, namely pay or because they think it's just a rung in the technical ladder. It's more than that, and I'm afraid we won't get better as a whole until those people move on to leave us to get real work done. I may be jaded, but if I got you to think twice about your work, then I accomplished what I set out to do.

    Thanks for the remarks!
