IT Pros List Coolest Security Jobs
- By Wyatt Kash
- October 24, 2008
Looking for the coolest jobs in IT? A new survey of information technology
and network security specialists suggests that the place to look is on the front
lines of cyberspace -- and that the variety of work is greater than many might
The survey was conducted by the SANS Institute, the IT security training and
research organization. The results will be published later this year in the
form of an information booklet aimed at interesting students to consider a career
in IT security.
The institute asked information security practitioners in government and non-government
positions to describe their jobs and the most interesting aspects about working
in them. It also asked security specialists to select which jobs they thought
were "very cool."
The top-ranking "coolest" IT security jobs according to government
1. Information security crime investigator/forensics expert.
Why it's cool: "The thrill of the hunt! You never encounter the same crime
2. System, network and/or Web penetration tester.
Why it's cool: "You can be a hacker, but do it legally and get paid a lot of
money!" "The power to understand how systems can be penetrated and misused is
something less than 1 percent of people in the entire security industry know,
let alone the average citizen."
3. Forensics analyst
Why it's cool: "It's CSI for cyber geeks!" "It's like being one of the good
spies on James Bond." "Trying to find evidence without altering the system and
maintaining the chain of evidence is challenging."
4. (Tie) Incident response, incident handler
Why it's cool: "This may be the top of the 'top gun' jobs because it lets you
move into a cooler, analytical environment where you can go deep with your knowledge."
"You get visibility with your organization when they happen." "Like the secret
agent of tech geekdom."
4. (Tie) Security architect
Why it's cool: "You get to design the solution, and not just for the perimeter."
"You get to work with all the tech experts as a team, to plan the technology
directions." "You get to research and play with new 'toys' all the time."
6. Vulnerability researcher
Why it's cool: "You get to tear apart malware and find out how it ticks." "Reverse
engineers take a deep look into code segments to determine what is really happening
under the hood." "It's a very exclusive club."
7. (Tie) Network security engineer
Why it's cool: "If there's one person indispensable, it's the network person."
"This is where the action is and where everything is in a state of flux with
newer and newer technology."
7. (Tie) Security analyst
Why it's cool: "This job has influence at the top of the organization." "If
you want to make a difference but don't necessarily want all the managerial
BS, this is the job for you." "It is the only clear path to the real top gun
of security: chief information security officer."
7. (Tie) Sworn law enforcement officer specializing in information security
Why it's cool: "Ability to catch the bad guys ... the end result is a rush."
"This is where the geeks among us can really show up the jocks." "Security specialist
and you get to carry a gun!"
10. (Tie) CISO/ISO or director of security
Why it's cool: "I can get a lot done with little to no push back." "You get
to decide where to build the 'watch towers,' how many rangers are stationed
in the park, where fires can be safely built, and the rules of engagement."
10. (Tie) Application penetration tester
Why it's cool: "You're an 'ethical hacker.'" "It takes equal parts technical
ability and creativity," "Combines applying different thought processes to system
analysis with exploration tools, and a sort of dangerous level of knowledge."
The next highest ranking positions:
- Security operations center analyst
- Prosecutor specializing in information security crime
- Technical director and deputy CISO
- Firewall/IPS administrator
- Security evangelist
- Vulnerability assessment analyst
- Security auditor
- Security assessment consultant
- Technical security teacher
- Security savvy software developer
- Security maven in the application developer organization
- Disaster recovery/business continuity analyst/manager
"Of particular interest to me," observed Alan Paller, the SANS
Institute's Director of Research, "are the low rankings that government
people give the CISOs." The chief information security officer position
"ranked much higher in the non-government world."
He also noted the high ranking that non-government people give application
penetration testing, "illuminating the fact that the government hasn't yet focused
[as much as commercial organizations] on the critical new attack vector of application-based
attacks," he said.
The top-ranking "coolest" IT security jobs according to non-government
1. (Tie) System, Network, and/or Web penetration tester
1. (Tie) Information security crime investigator/forensics expert
3. Forensics analyst
4. Vulnerability researcher
5. Application penetration tester
6. Security architect
7. CISO/ISO or director of security
8. (Tie) Incident response, incident handler
8. (Tie) Sworn law enforcement officer specializing in information
10. Security evangelist
Wyatt Kash is the editor in chief of Government Computer News (GCN.com).