Computer Security: Can You Break the Code? The Buzz


Do you like to solve puzzles? Imagine being told to unravel a company's security code. That's what computer systems security analysts do. With computer security a growing concern, these workers have plenty of opportunities to test their puzzle-solving skills.

"Internet security has never been more important," agrees Marie-Helene Sakowski. She is the managing director of a high-tech recruiting company.

Sakowski explains that companies are concerned about recent intrusions into computer systems. Many are spending a lot of money to ensure their systems are as foolproof as possible.

Also, as companies demand safer products, software vendors respond by putting more effort into developing secure software. Microsoft has hired security experts to help them ensure that their software's code is robust and hacker-proof. This increases the demand for more skilled security workers.

"As long as there are curious people interested in peeping, job prospects in the field of computer security will be high," agrees M.P. Prakash R. Lewis. He is a system administrator in North Carolina.

"The worries are not just about viruses, worms and spam," Sakowski adds. "People are concerned with nasties that haven't yet been given names."

That has created an increasing demand for people with high backbone Internet skills. "Backbone Internet" refers to the hard wiring for switches and routers and other technologies. The backbone people are working with software developers to be sure the code is robust and hacker-proof.

Security analysts do more than protect existing technologies. They also look ahead and try to understand where a technology is going in five to 10 years.

Right now, security people are examining potential security risks posed by devices like PDAs (personal data assistants), cellular phones and various wireless devices. Any device that can receive information is potentially vulnerable and has to be free from intrusion.

"The whole field of security is being turned on its ear," Sakowski says.

According to Sakowski, people with a great deal of training and experience are in greatest demand. Companies around the globe are looking for people with the same high-level security clearances that the military requires.

Calvin Woosnam is a high-level security consultant. He introduced Windows NT (a network operating system) and developed the strict B1 secure networks that banks use. Companies hire Woosnam to evaluate their systems and their security departments.

When Woosnam interviews a potential employee, he first asks them what areas they are knowledgeable in. Then he asks a number of questions to determine how much they know about those areas.

"Nine times out of 10, people have only surface knowledge," he says. "Occasionally you find a bright star and this is somebody you promote."

Security-capable information technology (IT) people are paid an average of 20 percent more than regular IT employees, says Woosnam.

The demand for highly qualified security people is expected to increase at a rate of 20 percent a year for the next seven years, Sakowski estimates.

Security professionals need a range of skills. Sakowski explains that they must understand hardware and also the necessity for good, solid software code.

Companies are hiring individuals who combine training with practical, hands-on-experience. They especially want people with experience setting up backbone and software systems correctly.

A security designation is also desirable. Technology companies like Cisco (a computer manufacturer) are now offering security designations as well as network designations.

Lewis points out that you can't become a security pro in a few months' time. A degree in computer science helps, he says, but is not essential.

A good grounding in networks and operating systems is important. Linux skills are mandatory because many of the tools and scripts are run on this operating system.

"You start as a system/network administrator and move upwards," says Lewis. "Much of what you learn is often self-taught."

In the recent past, some companies hired hackers without formal training to tend to their security systems. They believed that a hacker would know how to protect the system from other hackers.

Today, companies are moving away from that practice. Sakowski explains that high school students who learn to hack have not learned all the basics. They don't have the broader skill set that employers demand.

Woosnam agrees. He points out that when hackers are caught and decide to clean up their acts, they usually return to school. They have to fill in the gaps in their knowledge. "I've seen it time and again," he says.

Security pros prevent attacks and recover the system quickly should an attack occur. Those with in-depth training can see the vulnerabilities much better than those who have learned solely through hands-on experimenting.

"With education, you can look beyond what is already known and see the potential for what could be," Woosnam says.

On the other hand, Lewis says that unless you hone your skills breaking into systems, you will not be in a position to secure them. Many of the tools mimic breaking into systems to show any vulnerability.

However, he points out that employers will pre-screen the candidate for reliability and track record. "Good credentials and a trustworthy past record will be the essential factors," he adds.

Some security people think the best way to get a job is to first hack a corporate website, then ask the employer to hire them to protect that site. Woosnam isn't keen on this approach. He points out that it is illegal and leads to distrust.

However, he does advocate researching an employer's website before the interview. "Study the site's content, structure and source code," he advises, "But don't cross the line to hacker-dom."

With everyone looking for experienced people, how does a new person break into the field? Sakowski suggests students in technical school or college ask the instructor to establish labs where they help set up the school's system. This provides practical, hands-on experience.

Companies and larger corporations will see you as more attractive if you have that experience. People who have worked in a banking atmosphere will also have some of the skill sets.

Woosnam says breaking into the field is a matter of trust, apprenticeship and a bit of luck. Communication skills, people skills and teamwork skills are also very important.

Links

Computer Security News
Stay on top of what’s happenings in the cyber-security world

Security Resources
Lots of information and links for a wide range of security-related issues

How Firewalls Work
Find out about one way you can try to keep hackers out

Issues: Hiring Hackers
This is one point of view on hiring hackers to work in security