As a professional involved in enterprise information security, your value to an employer is diminished if your focus is limited to security technology alone. You also need to build up your ability to integrate security into enterprise solutions, and have awareness of industry specific regulations.

Relative to security technology itself, enterprises seem to distinguish candidates according to their particular technology background, particularly (Wikipedia definitions):

Network security: consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources

Data security: protecting a database from destructive forces and the unwanted actions of unauthorized users.

SIEM: real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes

Authentication: authorization (determining whether a privilege will be granted to a particular user or process), privacy (keeping information from becoming known to non-participants), and non-repudiation (not being able to deny having done something that was authorized to be done based on the authentication).

Identity Management, including single sign on, password management, access control, and risk management

Xtra Effort has found candidates whose experience is limited to network security are easier to find than the others, and they receive less compensation.   Enterprise security technology candidates who have experience selling or implementing security solutions related to the remaining disciplines are more highly sought after.  Especially if they can sell, architect, or configure solutions that achieve business objectives, enable productivity, and still protect the enterprise and their customers.

Employers want enterprise sales, sales engineering, and professional service security candidates who have knowledge of these security concepts AND how they relate to INDUSTRY SPECIFIC RULES and regulations. Healthcare, federal government and financial services are the most prevalent examples.

Sales professionals, project managers, business analysts, or industry specific professionals may enter the security world because of their deep knowledge of industry regulations, etc., without having the actual technical skills. They will be part of team which includes security technologists.

All candidates within the world of enterprise information security improve their careers by being well versed in solutions development, industry rules and regulations, and security technology.


Related Posts