What motivates people who decide to enter computer security consulting as a first or subsequent career? Could it be the variety of work, with no two days the same? Could it be the promise of avoiding the dead hand of corporate culture and the possibility of working for themselves? Or is it just the technical challenge of constantly having to find new solutions to problems they’ve never seen before? Whatever the reason, there has always been a steady trickle of new recruits to the world of computer security consulting, and that trickle is getting larger as the field of information security matures.
An IT security consultant needs an unusually wide skill-set. From cryptography to firewall configuration to human resources management, the world of information security is both specialised and surprisingly broad. This means, of course, that those embarking on computer security consulting need to pick a sub-field and specialise in it. There are several possible niches in IT security, but they include the following.
– A penetration tester probes an organisation’s computer and network defences, in order to discover vulnerabilities and recommend corrective action. Although widely seen as a technically challenging job, it can in fact be tedious and lacking in variety at times.
– A network security consultant will set up or review an organisation’s computer networks and devices (e.g. firewalls, routers). This career path demands very specific skills, and would not normally be recommended for someone with no experience of administering networks.
– An information security auditor will review an organisation’s entire information security arrangements, possibly analysing them in terms of ISO 27001, the international standard for information security. Although requiring less in the way of in-depth technical skills, this career path requires a certain amount of people management skills and experience of different types of organisation. It also includes far more than computer security, covering as it does the information security aspects of people, paper documents and physical security arrangements.
– Another sub-field of computer security consulting is the interim information security manager, who is called upon, often at short notice, to “fill a gap” in a company for a relatively short period. This can be either to bridge the gap between permanent employees, or else to take on a separate project on a part-time basis. This career path demands extensive experience of management, as well as the ability to get up to speed on a project extremely quickly.
– A business continuity consultant will help a firm to develop and implement a business continuity plan, which will be called upon in the event of a disruption to the business. Naturally, computer security forms part of this, but a much wider skill-set is required, as well as extensive experience of businesses of all kinds.
It is clear that a huge variety of skills could potentially be deployed in computer security consulting, as well as significant experience of businesses, people, and life in general. This is not a career path for those who prefer an easy ride! However, for the right person, it can provide more stimulation, challenge, and variety than many careers that are more commonly seen.