The coolest IT security jobs
SANS Institute to issue guide to most interesting IT security jobs.
- By Wyatt Kash
- Oct 24, 2008
Looking for the coolest jobs in IT? A new survey of information
technology and network security specialists suggests that the place
to look is on the front lines of cyber space'and that the
variety of work is greater than many might suspect.
The survey was conducted by the SANS Institute, the IT security
training and research organization. The results will be published
later this year in the form of an information booklet aimed at
interesting students to consider a career in IT security.
The institute asked information security practitioners in
government and in no-government positions to describe their jobs
and the most interesting aspects about working in them. It also
asked security specialists to select which jobs they thought were
The top-ranking 'coolest' IT security jobs according
to government security employees:
1. Information security crime investigator/forensics
Why it's cool: 'The thrill of the hunt! You never
encounter the same crime twice!'
2. System, network and/or Web penetration
Why it's cool: 'You can be a hacker, but do it
legally and get paid a lot of money!' 'The power to
understand how systems can be penetrated and misused is something
less than 1 percent of people in the entire security industry know,
let alone the average citizen.'
3. Forensics analyst
Why it's cool: 'It's CSI for cyber
geeks!' 'It's like being one of the good spies on James
Bond.' 'Trying to find evidence without altering the
system and maintaining the chain of evidence is
4 (tie). Incident response, incident
Why it's cool: 'This may be the top of the 'top gun'
jobs because it lets you move into a cooler, analytical environment
where you can go deep with your knowledge.' 'You get
visibility with your organization when they happen.'
'Like the secret agent of tech geekdom.'
4 (tie). Security architect
Why it's cool: 'You get to design the solution, and
not just for the perimeter.' 'You get to work with all
the tech experts as a team, to plan the technology
directions.' 'You get to research and play with new
'toys' all the time.'
6. Vulnerability researcher
Why it's cool: 'You get to tear apart malware and
find out how it ticks.' 'Reverse engineers take a deep
look into code segments to determine what is really happening under
the hood.' 'It's a very exclusive club.'
7 (tie). Network security engineer
Why it's cool: 'If there's one person indispensable,
it's the network person.' 'This is where the action is
and where everything is in a state of flux with newer and newer
7 (tie).Security analyst
Why it's cool: 'This job has influence at the top of
the organization.' 'If you want to make a difference
but don't necessarily want all the managerial BS, this is the job
for you.' 'It is the only clear path to the real top
gun of security: chief information security officer.'
7 (tie).Sworn law enforcement officer
specializing in information security crime
Why it's cool: 'Ability to catch the bad guys ...
the end result is a rush.' 'This is where the geeks
among us can really show up the jocks.' 'Security
specialist and you get to carry a gun!!!'
10 (tie). CISO/ISO or director of security
Why it's cool: 'I can get a lot done with little to
no push back.' 'You get to decide where to build the
"watch towers", how many rangers are stationed in the park, where
fires can be safely built, and the rules of engagement.'
10 (tie). Application penetration tester
Why it's cool: 'You're an 'ethical hacker'.
'It takes equal parts technical ability and
creativity,' 'Combines applying different thought
processes to system analysis with exploration tools, and a sort of
dangerous level of knowledge.'
The next highest ranking positions:
- Security operations center analyst
- Prosecutor specializing in information security crime
- Technical director and deputy CISO
- Firewall/IPS administrator
- Security evangelist
- Vulnerability assessment analyst
- Security auditor
- Security assessment consultant
- Technical security teacher
- Security savvy software developer
- Security maven in the application developer organization
- Disaster recovery/business continuity analyst/manager
'Of particular interest to me,' observed Alan
Paller, the SANS Institute's Director of Research, 'are
the low rankings that government people give the CISOs.' The
chief information security officer position 'ranked much
higher in the non-government world.'
He also noted the high ranking that non-government people give
application penetration testing, 'illuminating the fact that
the government hasn't yet focused (as much as commercial
organizations) on the critical new attack vector of
application-based attacks,' he said.
The top-ranking 'coolest' IT security jobs
according to non-government security employees:
1 (tie). System, Network, and/or Web penetration tester
1 (tie): Information security crime investigator/forensics
3. Forensics analyst
4. Vulnerability researcher
5. Application penetration tester
6. Security architect
7. CISO/ISO or director of security
8 (tie). Incident response, incident handler
8 (tie). Sworn law enforcement officer specializing in information
10. Security evangelist
Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.