IT Security - Technical or Management

Posted by Naveen Bala at 10:16PM Sep 08, 2009


Is IT security becoming a more technical position or becoming more management-oriented, like planning, assessment, compliance etc.?

This is part of the "What it takes to be successful in IT Security" series.

Keith Crosley: Well, there are definitely changes on both fronts. As security threats proliferate and become more diverse, there are new specialty areas opening up. For example, one might specialize in email versus web security. But really, you only see that level of specialization in larger organizations. In a lot of IT organizations, IT security is just one of many hats worn by an IT manager or director.

As regulatory compliance becomes more important and affects a larger number of organizations (I'm thinking here of things like US state encryption laws, data protection regulations and guidelines, which are really proliferating) there are more and more IT security roles that are management oriented. Keep in mind, however, that roles like CSO (Chief Security Officer) and CISO (Chief Information Security Officer) are still relatively uncommon compared to the number of CIO roles out there (not to mention the more rare Chief Compliance Officer, Chief Privacy Officer, etc.)!

But overall, I would say that security is a clear growth area inside of IT.

Misha: Of course, it should combine all of the mentioned, maybe less management-oriented.

David Oxley: I think it's going in both directions. As management and the compliance side of things become more and more important, people with a deeper knowledge of the technologies involved are that much more important.

Darrell Jones: It is becoming more management oriented. With federally mandated rules such as HIPAA or SOX, there has been extensive review and action to shore up the security of organizations' systems and data. Today, penetration tests are commonplace. Therefore, a security professional is more in a consulting/managerial role because of all the specialization in the security field. In the past, security leaders started off their careers in technical roles, but all the positions, including the hands-on technical roles, are becoming more consultative.

Robert Newby: It depends on which route you take. I have been technical support, sales engineer, product manager, architect and now a consultant - I started off technical and realised I wanted to do more on the management side, so worked my way towards it. You tend to move into more management orientated jobs with experience and length of time served in a company. I've moved companies and contracted, so never got into senior management positions, but my work is very much management orientated.

Lawrence Pingree: IT security will always be solution oriented, so it is important to understand solutions when trying to secure environments. Compliance is only a portion of the security job and of course good security supports compliance activities, however security is NOT compliance. Security is about risk reduction, compliance is the lowest bar to achieve, it is important that security practitioners set the bar higher. This way you will be in compliance even if laws/regulations get tougher, focus on risk reduction.

Robert McArdle: It really depends to be honest, I think it is about finding the balance between the two. Some security roles will be very technical, others quite management-orientated, and a lot more will fall in the middle ground. The security industry is quite broad in its scope, including everything from reverse engineers, penetration testers, system security engineers, QA, consultants, managers and a whole lot more.

Whether you find yourself leaning more towards the technical side or the management side, there will certainly be roles that suit your focus, so it is best to concentrate on the areas that most interest you.

Sebastian Bortnik: IT security is becoming increasingly a matter of management. For proper management of information security in an organization, it is necessary to supplement the technology with process management, human resources, training and other non-technical factors.

However, this doesn't mean that there aren't issues or jobs for more technical skills.

But definitely, the CISO (Chief Information Security Officer) role needs management knowledge.

Shakeel Ali: Due to the vertical growth in new and advanced technology, it is quite acceptable that many companies required more technical expertise than just management. Although, for higher-level positions such as Chief Information Officer or Chief Technical Officer, it is quite often that both skills are necessary to run the organization. Thus, IT Security has become a mixture of technical and management areas.

Richard Stiennon: It is splitting. On the one hand researchers and product developers are facing a continuous change in the technology of attacks as well as defenses. On the other hand regulatory compliance is pushing a huge boom in the managerial side.

Vijay Vedanabhatla: It is becoming more business specific. There are numerous tools/methodologies that help you in identifying vulnerabilities. But how do these relate to the specific business? This will be the question moving forward. Moreover, during these crunch times, it's all about ROI.