Information Security Offers Significant Opportunity for IT Professionals

Unfortunately we have become all too familiar with Information Security breaches in the last several years. Whether an IT professional or a member of the common public, we have all begun to realize the importance that competent Information Security plays. The devastating impacts of security breaches show no discrimination, having already impacted government entities, hospitals, financial institutions, and a multitude of private companies to name just a few. Let us look into the background of Information Security and how it impacts you as an IT professional.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. (1) Information security involves the confidentiality, integrity and availability of information and to whom the information is being made available. The primary layers of security would include: Physical, Personal and Organizational. Each of these areas is equally important and must be trained (in the case of human interaction), set up (in the case of the physical technologies), and managed to orchestrate a consistent and constant barrier with as a little likelihood of penetration or breach as possible.

A strategic area of concern is an organization’s infrastructure. Firewall and intrusion detection devices are a few examples that have become necessitated in recent years. There are a myriad of aspects within an organization’s infrastructure that had once gone unnoticed that are now being analyzed for areas of improvement. It is now commonplace to read an IT professional’s resume and see numerous infrastructure security conferences attended and corresponding certifications. Additionally, this has created a demand for many professionals to transition from what might have been a network administrator or infrastructure architect position to specialize in the area of information security.

Another area impacting IT security is that of application software security. Once an afterthought in software design, security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.

One example of a breach in application software security resides in identity theft. An estimated 15 million people per year are victimized by identity theft in the United States, according to the Federal Trade Commission (FTC) Ways and Means Committee. The hope is that through information integrity coupled with industry ingenuity, each small battle in the larger war will continue to be won.

Finally, information security governance and compliance is the final component of information security I would like to discuss. Encompassed within this umbrella are: implementation of management policy, procedures, IT audits, continuity planning, and security awareness and training. This area often interfaces with numerous non- IT employees within an organization. What this means is these individuals may not be completely aware of the magnitude that following proper company protocol and procedures plays in maintaining the overall security for the organization. Therefore, organization-wide trainings need to be held to convey the importance of Information Security and procedures is essential.

The field of information security has grown and evolved significantly in recent years. As a recruiter in the field, I have observed a dramatic increase in the importance of information security to many our clients, thus raising the demand for qualified IT professionals that specialize in those areas. As a career choice there are many ways of gaining entry into the field. It offers many areas for specialization including, securing network and allied infrastructure, securing applications and database(s), security testing, information systems auditing, business continuity planning and digital forensics science, to name a few. We will often encounter positions that are solely based in the information security area as well as more traditionally focused positions with either a concentration in security or at least some experience with information security. This is promising for those who may be interested in diversifying their existing skill set or looking to focus in a certain area of expertise. Please feel free to contact any of the Partner Technology recruiters regarding advice or possible opportunities relating to information security.