Computer Security: Can You Break the Code?
Do you like to solve puzzles? Imagine being told to unravel a company's
security code. That's what computer systems security analysts do. With computer
security a growing concern, these workers have plenty of opportunities to
test their puzzle-solving skills.
"Internet security has never been more important," agrees Marie-Helene
Sakowski. She is the managing director of a high-tech recruiting company.
Sakowski explains that companies are concerned about recent intrusions
into computer systems. Many are spending a lot of money to ensure their systems
are as foolproof as possible.
Also, as companies demand safer products, software vendors respond by putting
more effort into developing secure software. Microsoft has hired security
experts to help them ensure that their software's code is robust and hacker-proof.
This increases the demand for more skilled security workers.
"As long as there are curious people interested in peeping, job prospects
in the field of computer security will be high," agrees M.P. Prakash R. Lewis.
He is a system administrator in North Carolina.
"The worries are not just about viruses, worms and spam," Sakowski adds.
"People are concerned with nasties that haven't yet been given names."
That has created an increasing demand for people with high backbone Internet
skills. "Backbone Internet" refers to the hard wiring for switches and routers
and other technologies. The backbone people are working with software developers
to be sure the code is robust and hacker-proof.
Security analysts do more than protect existing technologies. They also
look ahead and try to understand where a technology is going in five to 10
years.
Right now, security people are examining potential security risks posed
by devices like PDAs (personal data assistants), cellular phones and various
wireless devices. Any device that can receive information is potentially vulnerable
and has to be free from intrusion.
"The whole field of security is being turned on its ear," Sakowski says.
According to Sakowski, people with a great deal of training and experience
are in greatest demand. Companies around the globe are looking for people
with the same high-level security clearances that the military requires.
Calvin Woosnam is a high-level security consultant. He introduced Windows
NT (a network operating system) and developed the strict B1 secure networks
that banks use. Companies hire Woosnam to evaluate their systems and their
security departments.
When Woosnam interviews a potential employee, he first asks them what areas
they are knowledgeable in. Then he asks a number of questions to determine
how much they know about those areas.
"Nine times out of 10, people have only surface knowledge," he says. "Occasionally
you find a bright star and this is somebody you promote."
Security-capable information technology (IT) people are paid an average
of 20 percent more than regular IT employees, says Woosnam.
The demand for highly qualified security people is expected to increase
at a rate of 20 percent a year for the next seven years, Sakowski estimates.
Security professionals need a range of skills. Sakowski explains that they
must understand hardware and also the necessity for good, solid software code.
Companies are hiring individuals who combine training with practical, hands-on-experience.
They especially want people with experience setting up backbone and software
systems correctly.
A security designation is also desirable. Technology companies like Cisco
(a computer manufacturer) are now offering security designations as well as
network designations.
Lewis points out that you can't become a security pro in a few months'
time. A degree in computer science helps, he says, but is not essential.
A good grounding in networks and operating systems is important. Linux
skills are mandatory because many of the tools and scripts are run on this
operating system.
"You start as a system/network administrator and move upwards," says Lewis.
"Much of what you learn is often self-taught."
In the recent past, some companies hired hackers without formal training
to tend to their security systems. They believed that a hacker would know
how to protect the system from other hackers.
Today, companies are moving away from that practice. Sakowski explains
that high school students who learn to hack have not learned all the basics.
They don't have the broader skill set that employers demand.
Woosnam agrees. He points out that when hackers are caught and decide
to clean up their acts, they usually return to school. They have to fill in
the gaps in their knowledge. "I've seen it time and again," he says.
Security pros prevent attacks and recover the system quickly should an
attack occur. Those with in-depth training can see the vulnerabilities much
better than those who have learned solely through hands-on experimenting.
"With education, you can look beyond what is already known and see the
potential for what could be," Woosnam says.
On the other hand, Lewis says that unless you hone your skills breaking
into systems, you will not be in a position to secure them. Many of the tools
mimic breaking into systems to show any vulnerability.
However, he points out that employers will pre-screen the candidate for
reliability and track record. "Good credentials and a trustworthy past record
will be the essential factors," he adds.
Some security people think the best way to get a job is to first hack a
corporate website, then ask the employer to hire them to protect that site.
Woosnam isn't keen on this approach. He points out that it is illegal and
leads to distrust.
However, he does advocate researching an employer's website before the
interview. "Study the site's content, structure and source code," he advises,
"But don't cross the line to hacker-dom."
With everyone looking for experienced people, how does a new person break
into the field? Sakowski suggests students in technical school or college
ask the instructor to establish labs where they help set up the school's system.
This provides practical, hands-on experience.
Companies and larger corporations will see you as more attractive if you
have that experience. People who have worked in a banking atmosphere will
also have some of the skill sets.
Woosnam says breaking into the field is a matter of trust, apprenticeship
and a bit of luck. Communication skills, people skills and teamwork skills
are also very important.
Links
Computer Security News
Stay on top of what’s happenings in the cyber-security world
Security Resources
Lots of information and links for a wide range of security-related
issues
How Firewalls Work
Find out about one way you can try to keep hackers out
Issues: Hiring Hackers
This is one point of view on hiring hackers to work in security
Back to Career Cluster