IT security has become one of the most important focal points in private and public sectors. As the rise of cyber-threats impact the way we protect private data and prevent breaches that can cost into the billions of dollars to fix, the need for qualified IT security professionals is more pressing than ever before.
The demand for skilled professionals has been growing more than 10 percent each year, according to a survey conducted by (ISC)2, a non-profit association of IT professionals based in Clearwater, Florida. And the U.S. Bureau of Labor Statistics expects employment of IT security analysts to grow by almost 40 percent by 2022 – a rate higher than most other high-tech careers.
Eddie Schwarz, international vice president of the ISACA, has almost 30 years of experience in the IT world. He’s watched as the industry has converted to wireless, evolved into mobile and faced unique challenges in communicating between the back office and boardroom, In recent years, one of the most pressing issues he’s had to face is how to educate the next generation of IT analysts in up-to-date security compliance.
“Over the last seven years, we’ve seen advanced threats increase,” said Schwarz, who admits that many hackers have moved from more traditional types of crime to cyber-crime. “Cyber-terrorism isn’t going away. It’s actually getting worse and will continue to get worse in the foreseeable future. It affects everyone.”
According to Schwarz, the rate at which technology advances has a lot to do with the rise of the most devastating cyber-threats, particularly as the mobile industry skyrockets. “Everything is Internet-connected now,” says Schwarz, “which opens a lot of questions as tech marches faster and faster ahead.”
Some of these questions IT pros should be asking: How can I protect our mobile data? And what skills will I need to secure information as cyber-terrorism becomes an even bigger threat?
“We need people with the knowledge, skills and capabilities to feel safe and secure,” Schwarz explains. “But there’s a gap in knowledge and skills showing that there aren’t enough people that are experts in this field.”
Here’s What You Need to Know
Asher DeMetz of Sungard AS, an IT company with headquarters in Wayne, Pennsylvania, contributed a column to Forbes magazine about the most critical IT security skills needed on the corporate level today. “Lack of security is an issue in every corporation,” DeMetz said. “You want to build a targeted security strategy. To do so requires having a specific security skill-set.” He says that these skills may be found in-house or through a managed service provider.
The most important skill for any IT security pro right now is being able to set up a successful security program. As corporate leaders are becoming more aware of the need to bulk up security measures, they will inevitably look to a security manager to develop programs designed to reduce risks based on a customized environment. Because not every company is the same, the approach one takes to developing a security plan will not be the same either.
A theoretical approach to security may sound great in the boardroom, but it will only goes so far in protecting important data. A security pro, in addition to having a plan, also needs to be able to implement programs company-wide. In some ways, this can be the most challenging step in any security measure; as it can be difficult having longtime employees change the way they operate in traditional settings.
But everyone must be on board with a security plan, which should include not only hardware and networks within the office but also handhelds and mobile devices that are linked to the company, but exist outside of the network. A security manager must also be able to get the program set up and to manage it on a continual basis.
DeMetz said that in addition to day-to-day operations, being able to audit the system is critical to ensuring that it works. Not only are there compliance laws to consider, regular testing of the system will let the team know if the protocols are working and if there are any areas that need improvement.
In this case, ethical hacking could mean the difference between a risking a breach or staving off an attack. So, in addition to understanding how to keep data safe, a security expert should also be able to try and penetrate the system. Ethical hacking can indicate areas that could be at risk before a breach even happens.
In a worst-case scenario, a professional also needs to be able to respond to an attack immediately. “You’ll need to have the skills available to immediately address and remediate the problem,” says DeMetz. There is no waiting when a data breach occurs.
More Demand, More Money
Schwarz said IT professionals with these skills will be among the best-paid, most sought after analysts in the industry. “Cybersecurity is one of the hot fields today,” he says. Interestingly, he said that while a background in computer science helps to move into the field, it’s not necessary. He personally sees more and more professionals rising in the ranks from diverse educational backgrounds.
More than having a degree in computer science, employers are looking for people who can show they’ve gone through performance-based testing and exercised skills, said Schwarz, who was actually a fine art major before moving into IT. “They want to see that if the company is getting hacked, that you know what to do,” he said. “It also requires a desire to figure out what’s going on and understand why things are going wrong and what can be done to fix it.”
He said that for many years, the IT world was focused on a single generalized skill-set that may not always fit the bill when it comes to preventing cyber-terrorism. In fact, having more diversified skills may actually be a bonus for thinking outside the box and anticipating how to prevent hacking at some of the most respected organizations around the world.
“There’s no universal formula,” Schwarz said. But top IT pros should seek out companies and organizations where IT security is taken seriously. In banking, for example, as much as 15 percent of budgets are often directed toward cyber-security. “If an organization has a reliance on information – and most do at this point – and they don’t take cybersecurity seriously they have their heads in the sand.”
Natalie Hope McDonald is a writer and editor based in Philadelphia.