Hiring Network Security Professionals
Why Would I Need to Hire a Security Professional?
The FBI has estimated that industrial espionage by foreign spies costs
US companies $200 billion per year. Companies also face theft
from current and former employees, trading partners, and the potential
threat from terrorist cyber-attackers. The Gartner Group estimates
that fully 70%
of all thefts that cause loss to businesses are from insiders.
How To Judge A Candidate
The most important qualification for any security professional to have
is experience. Five or more years of experience directly
related to security is enough to have seen the trends, understand the
mind-set of hackers, and see the common uses and mis-uses of networks.
With the high demand for network security professionals, and the
drought of experienced candidates, businesses have been willing to
settle for less experienced candidates. A number of organizations
have assembled training courses and certification exams to help bring
novices to a reasonable level of security understanding.
There are a number of certifications offered for security
professionals. No one standard has been generally accepted throughout
the community, and it will be a while before one emerges at the top of
the heap. The top contenders are:
This exam is considered to be the most difficult, and most
comprehensive security exam.
This exam was developed jointly between government, educational and
business. It tests many important aspects of the security
- TICSA. Offered by
TruSecure, a security services vendor, this exam is being heavily
promoted. Check for discounts on exam fees.
- SANS GIAC
Certification. The Global Incident Analysis Center offers a
baker's dozen certifications in the security arena. These
certifications are, for the most part, vendor neutral. However, they
do offer Unix and Windows specific certifications.
There are a number of vendor-specific exams. These include some for
Microsoft. In general these
exams only show competence in implementing and using vendor-specific
hardware and network architectures.
Ensure that any security professional you are looking to retain has
substantial experience and good references. Look at what they've done
for other companies similar to yours, and get references.