According to The Wall Street Journal, in March of 2012, Global Payments, a credit card payment processor, discovered a breach of its system that exposed the personal information of at least 1.5 million customers to criminals. SC Magazine reported that the cost of the breach for Global Payments was $84.4 million with a potential for an additional cost of $55 to $65 million. Brian Krebs, a well-respected security blogger, broke the story, and his account is well worth reading. These kinds of incidents are all too common, and their frequency and impact are growing.
Computers control more and more critical parts of our daily lives. Google is experimenting with computer-driven cars, and computing and networks are becoming increasingly essential to health care, including computer-assisted surgery. Computing is also essential to managing much of our critical infrastructure, including nuclear power plants, emergency systems, transportation and banking. Under these circumstances, it is vital that our computers be protected. This requires people skilled in information security. Unfortunately, there are far too few information security professionals to meet a growing demand. This may be a career you should consider.
What do we call it?
There are a number of terms that some use interchangeably for this field, while others insist that there are subtle or even major differences among the terms. Such terms include information technology (IT) security, cybersecurity, information assurance, and computer security. Since an in-depth conversation about these terms is well beyond the scope of this blog, I’m going to stick with the term “information security.” Just remember that you may encounter other terms that refer to the same field.
If the many names are not confusing enough, there are also numerous jobs and job titles for information security professionals. However, unlike the terms for information security, many of the various job titles have significantly different demands and experience levels. I will discuss the various types of information security positions in greater detail in a later post. For now, three of the major categories are defenders, auditors/testers, and management. Each requires a distinct, though overlapping and related, set of skills and body of knowledge.
There are many good reasons why you should consider information security as a career. The most important is that security is worthwhile work. Our advancing technology promises us a world with significant improvements in standard of living, better medicine, greater collaboration, more interesting work, and even better entertainment: think movies and video games. None of this, however, will be possible without the reliability that information security provides. By joining this field, you can help to ensure the continued growth of information technology and the promise that it provides.
I may sound overly enthusiastic about this field, but waking up in the morning and knowing that what you will do all day actually matters is a great feeling.
Another good reason to consider this field is that, when done properly, information security demands creativity and problem solving. A career in information security can be personally challenging and can lead to constant learning and growth. Additionally, because security expertise is needed in a staggering number of industries, there is no end to the flexibility that this career provides.
More practically, security careers tend to be a good path to a comfortable salary. Salary, of course, depends on many things, including your level of experience, your special skills, your education, and the industry with which you are involved. But, according to salary.com, a security administration position can pay from $50,000 to $95,000, and I have seen information security positions that pay much higher, especially for talented and driven security professionals.
Security also provides career stability. While companies come and go, and no job is immune from layoffs, with solid information security experience, it should be much easier to find your next job than it will be for many other professionals. According to a survey of security professionals by ISC2, an international non-profit that provides security education and certifications, of the 2,250 respondents, only 7 percent were unemployed at any point during 2011. At the time of the survey, only 80 of the 2,250 were unemployed, and only half of them had been laid off. Other aspects of a security career that you should carefully consider are staying current with advances in the field and work/life balance.
Staying Current with Advances in the Field
It is essential that information security professionals stay current with advances in the field. Technology, threats, vulnerabilities, and management all change, and the changes can occur rapidly. All of these changes require that information security professionals continue their education, acquire certifications, receive training, attend conferences and vendor presentations, and read books, blogs, and articles. This can be exhausting, but it can also be exciting. Like many other aspects of this blog, the specifics of your ongoing learning will depend on the specific circumstances of your career. Nevertheless, you can be sure that some level of ongoing education will be a necessity.
Finally, there is the issue of work/life balance. I’ve seen information security jobs that provide great flexibility: time to spend with family, friends or hobbies. I’ve also seen information security jobs that require the professional to be on call 24/7, travel extensively, and work extra hours and with crunch time around major projects. Your mileage will vary. Work/life balance for security professionals depends on many things, such as your industry, area of responsibility and corporate culture. The good news is that information security expertise provides enough flexibility that you can change positions or jobs as your needs change.
Choosing the Path
Is information security the right path for you? This field is not for everyone, but if it sounds like a good fit, I hope that you will seriously consider it. The world needs more good people to protect our information and computer systems.
I have edited this blog from the original on January 6, 2013. The original version of this blog referred to “Global Payments” as “Global Crossing.” This error has been corrected.