Bookmark and Share
RSS

Recent Posts

IT Security People

April 04, 2018

This week, I continue the computer security topic with a look at what “security people” do on a day-to-day basis. So far, I have discussed hardware and software, and now I want to explore the human aspects of security and security administration. Last week, I wrote about identity and access management products, endpoint security and messaging security programs like secure email gateways. Security specialists install and maintain products in these categories but the job of security specialist is bigger than that.  
 
A Sampling of the Jobs 
Let’s take a look at what some of the people do, looking at common IT security jobs like incident responder, security specialist, security consultant and security engineer. 
 
An incident responder is an IT professional who is responsible for handling security incidents, threats and vulnerabilities that arise in the day-to-day operation of an organization’s computer systems. They actively monitor networks for intrusions, perform security audits and penetration testing and conduct malware analysis. They need to have a wide range of skill and know how to use specific tools to do their jobs. 
 
A security specialist is an entry- to mid-level IT professional that is responsible for installing and configuring security solutions on corporate networks and performing vulnerability testing. Security specialists develop deep knowledge in ethical hacking, computer networking, programming and security information and event management. Depending on their experience level, they may also participate in analyzing the security requirements of their organization’s systems.
 
A security consultant is often an outside expert who helps an organization implement the best security solutions according to their security needs. Consultants are useful in implementing new technology as they help to jump-start an organizations deployment and use.  
 
A security engineer is a mid-level employee who is responsible for both building and maintaining the IT security solutions of an organization. Security engineers do a variety of tasks like configuring firewalls, testing new security solutions and investigating intrusion incidents along with among other duties.
 
In many organizations, depending on their size and scope, there is both a skills and management hierarchy. For skills, large and deep organizations employ security managers (create and execute security strategies) and security architects (knowledgeable in standards like ISO 27001/27002, ITIL and COBIT frameworks, and others). For management, they often employ security directors that are responsible for managing and allocating resources to various security programs within a security department and are led by a chief information security officer. 
 
What’s Next?
Next week, I’ll continue the computer security topic with a discussion of security standards used by security professionals like ISO/IEC 27001, a standard that specifies a management system that is intended to bring information security under explicit management control.  
 

Posted April 04, 2018 | Permalink

comments powered by Disqus