Computer Security Consulting by gogohome


									Computer Security Consulting: Is It The
Career For You?
What motivates people who decide to enter computer security consulting as a first or subsequent
career? Could it be the variety of work, with no two days the same? Could it be the promise of
avoiding the dead hand of corporate culture and the possibility of working for themselves? Or is
it just the technical challenge of constantly having to find new solutions to problems they've
never seen before? Whatever the reason, there has always been a steady trickle of new recruits to
the world of computer security consulting, and that trickle is getting larger as the field of
information security matures.

An IT security consultant needs an unusually wide skill-set. From cryptography to firewall
configuration to human resources management, the world of information security is both
specialised and surprisingly broad. This means, of course, that those embarking on computer
security consulting need to pick a sub-field and specialise in it. There are several possible niches
in IT security, but they include the following.

- A penetration tester probes an organisation's computer and network defences, in order to
discover vulnerabilities and recommend corrective action. Although widely seen as a technically
challenging job, it can in fact be tedious and lacking in variety at times.

- A network security consultant will set up or review an organisation's computer networks and
devices (e.g. firewalls, routers). This career path demands very specific skills, and would not
normally be recommended for someone with no experience of administering networks.

- An information security auditor will review an organisation's entire information security
arrangements, possibly analysing them in terms of ISO 27001, the international standard for
information security. Although requiring less in the way of in-depth technical skills, this career
path requires a certain amount of people management skills and experience of different types of
organisation. It also includes far more than computer security, covering as it does the information
security aspects of people, paper documents and physical security arrangements.

- Another sub-field of computer security consulting is the interim information security manager,
who is called upon, often at short notice, to "fill a gap" in a company for a relatively short period.
This can be either to bridge the gap between permanent employees, or else to take on a separate
project on a part-time basis. This career path demands extensive experience of management, as
well as the ability to get up to speed on a project extremely quickly.

- A business continuity consultant will help a firm to develop and implement a business
continuity plan, which will be called upon in the event of a disruption to the business. Naturally,
computer security forms part of this, but a much wider skill-set is required, as well as extensive
experience of businesses of all kinds.
It is clear that a huge variety of skills could potentially be deployed in computer security
consulting, as well as significant experience of businesses, people, and life in general. This is not
a career path for those who prefer an easy ride! However, for the right person, it can provide
more stimulation, challenge, and variety than many careers that are more commonly seen.

To top