News

IT Pros List Coolest Security Jobs

• By Wyatt Kash
• October 24, 2008

The survey was conducted by the SANS Institute, the IT security training and research organization. The results will be published later this year in the form of an information booklet aimed at interesting students to consider a career in IT security.

The institute asked information security practitioners in government and non-government positions to describe their jobs and the most interesting aspects about working in them. It also asked security specialists to select which jobs they thought were "very cool."

The top-ranking "coolest" IT security jobs according to government security employees:

1. Information security crime investigator/forensics expert.
Why it's cool: "The thrill of the hunt! You never encounter the same crime twice!"

2. System, network and/or Web penetration tester.
Why it's cool: "You can be a hacker, but do it legally and get paid a lot of money!" "The power to understand how systems can be penetrated and misused is something less than 1 percent of people in the entire security industry know, let alone the average citizen."

3. Forensics analyst
Why it's cool: "It's CSI for cyber geeks!" "It's like being one of the good spies on James Bond." "Trying to find evidence without altering the system and maintaining the chain of evidence is challenging."

4. (Tie) Incident response, incident handler
Why it's cool: "This may be the top of the 'top gun' jobs because it lets you move into a cooler, analytical environment where you can go deep with your knowledge." "You get visibility with your organization when they happen." "Like the secret agent of tech geekdom."

4. (Tie) Security architect
Why it's cool: "You get to design the solution, and not just for the perimeter." "You get to work with all the tech experts as a team, to plan the technology directions." "You get to research and play with new 'toys' all the time."

6. Vulnerability researcher
Why it's cool: "You get to tear apart malware and find out how it ticks." "Reverse engineers take a deep look into code segments to determine what is really happening under the hood." "It's a very exclusive club."

7. (Tie) Network security engineer
Why it's cool: "If there's one person indispensable, it's the network person." "This is where the action is and where everything is in a state of flux with newer and newer technology."

7. (Tie) Security analyst
Why it's cool: "This job has influence at the top of the organization." "If you want to make a difference but don't necessarily want all the managerial BS, this is the job for you." "It is the only clear path to the real top gun of security: chief information security officer."

7. (Tie) Sworn law enforcement officer specializing in information security crime
Why it's cool: "Ability to catch the bad guys ... the end result is a rush." "This is where the geeks among us can really show up the jocks." "Security specialist and you get to carry a gun!"

10. (Tie) CISO/ISO or director of security
Why it's cool: "I can get a lot done with little to no push back." "You get to decide where to build the 'watch towers,' how many rangers are stationed in the park, where fires can be safely built, and the rules of engagement."

10. (Tie) Application penetration tester
Why it's cool: "You're an 'ethical hacker.'" "It takes equal parts technical ability and creativity," "Combines applying different thought processes to system analysis with exploration tools, and a sort of dangerous level of knowledge."

The next highest ranking positions:

• Security operations center analyst
• Prosecutor specializing in information security crime
• Technical director and deputy CISO
• Firewall/IPS administrator
• Security evangelist
• Vulnerability assessment analyst
• Security auditor
• Security assessment consultant
• Technical security teacher
• Security savvy software developer
• Security maven in the application developer organization
• Disaster recovery/business continuity analyst/manager

"Of particular interest to me," observed Alan Paller, the SANS Institute's Director of Research, "are the low rankings that government people give the CISOs." The chief information security officer position "ranked much higher in the non-government world."

He also noted the high ranking that non-government people give application penetration testing, "illuminating the fact that the government hasn't yet focused [as much as commercial organizations] on the critical new attack vector of application-based attacks," he said.

The top-ranking "coolest" IT security jobs according to non-government security employees:

1. (Tie) System, Network, and/or Web penetration tester
1. (Tie) Information security crime investigator/forensics expert
3. Forensics analyst
4. Vulnerability researcher
5. Application penetration tester
6. Security architect
7. CISO/ISO or director of security
8. (Tie) Incident response, incident handler
8. (Tie) Sworn law enforcement officer specializing in information security crime
10. Security evangelist