Resiliency: Not if, when As network security has matured, so has the outlook of many weathered IT departments, which now no longer presume that they will always be able to protect their networks from the next evil-doer. Instead, a greater focus is on not only protection, but also recovery.In job interviews, techies are increasingly questioned about not only what they know how to secure, but also how well they can recover a failed effort. Network downtime is lost money for a business, and each company wants to know how its next IT pro can put a cap on this damage. "When IT security pros are interviewing, theyre getting asked not just what they have done to prevent intrusions, but what they did after, understanding that its often more a matter of when than if," Katherine Spencer Lee, executive director of Robert Half Technology, based in Menlo Park, Calif., told eWEEK. Embedding of security into all IT jobs While the largest corporations will always have dedicated security teams, the smaller to midsize organizations increasingly need their IT department to be full of technology everymen: manning the help desk, database backups and security upgrades. "IT security is becoming so pervasive that its now part of everybodys job. If youre a programmer, even if it doesnt have to do with network security or passwords, its still a big part of your job," said Lee. Solid security knowledge and experience, once considered a bonus within a candidate, is now considered non-negotiable. "Ten years ago, you were either a help desk worker or a network administrator. Now, most positions require security experience. The world of IT gets hit with threats everyday any company sharing any sort of information has to have someone doing security in their company," said Colarusso. Smart guys think ahead Two of the fastest-growing job areas in IT security are in penetration testing and security analysis, both of which place emphasis on looking into a metaphorical glass ball and anticipating the biggest risks. "If you look at the most sought-after skill for someone in the security area to have, it would be a security analyst. This person performs risk assessment on enterprisewide networks, gathers information and assigns risk values," said Colarusso. Many argue that the current biggest enterprise security risks are in wireless threats, from PDAs to mobile phones to the laptops of remote employees. Any device that syncs the desktop with a network can set out a welcome mat for the bad guys, IT pros argue. "We are seeing multiple reports of data being lost on laptops," said Paul Davis, a Boston-based IT security strategist. "Who has started worrying about all of those PDAs and mobile phones being left in the back of taxis and airplanes?" Check out for the latest news, research and commentary on IT careers.
"The trend I see in IT security is in finding the highest impact areas, figuring out how to close those holes, and a move toward security as resiliency. There is an understanding that we know were going to get attacked, but how will we recover? This is a big trend," Ross Brown, CEO of Aliso Viejo, Calif.-based eEye Digital Security, a developer of endpoint security and vulnerability management software solutions, told eWEEK.