Wow

Bl8ckr0uter Inactive Imported Users Posts: 5,031
Is Network Security a Dead End Career? | NetworkWorld.com Community

This article is very interesting. I wonder how true it is.

Comments

  • Synthros Member Posts: 82
    knwminus wrote: »
    This article is very interesting. I wonder how true it is.

    I personally don't think so from a long-term perspective. There will always be valleys and plateaus for security professionals, as with most other roles in the IT field. There are periods where things run rampant, and it appears that hackers are exploiting weak areas in software/hardware left and right. During these times, the security folks are working day and night to come up with solutions to these types of problems. On the flip side, there are periods when it seems that we have won the battle. No earth-shattering security exploits that are compromising major corporate systems, and security pros find themselves performing monotonous maintenance tasks and running reports... maybe we're currently in the midst of one of those times.
  • phoeneous Member Posts: 2,333
    SaaS is the devil.
  • tpatt100 Member Posts: 2,991
    I already see security as a big part of IT due to all the regulations that exist now and new ones that will be written. I also think nowadays it's hard to justify IT security positions that only do security unless it's a large company.
  • DevilWAH Member Posts: 2,997
    knwminus wrote: »
    Is Network Security a Dead End Career? | NetworkWorld.com Community

    This article is very interesting. I wonder how true it is.


    Not very.

    Working in a network for which security is a main focus point, you realise that there are many tools out there that can do the "big" stuff.

    But the more you tie down a network, the more "exceptions" to the rules you need.

    Take for instance a simple thing like HTTP security. Enabling or disabling it on a site-wide scale is easy.

    But how about when you need different levels of access, and you provide different levels of service to different groups of people? What HTTP methods do you allow different people to use on different sites?

    How do you prevent your public servers becoming infected or "hacked" and compromising your secure internal network, while still allowing people inside your network to work seamlessly on them from their desktops?

    These are all simple things to do, if you understand the concepts of security when it comes to HTTP. But this is the thing with networking as a whole. Carrying out individual tasks is becoming more simple. But you are now expected to be able to do more different things and more complex things in the same time frame with less equipment.

    It's exactly the same as networking or IT as a whole. Before managed switches, DHCP, DNS, etc., setting up a network such as the internet would have been way beyond possibility.

    But people didn't just take these new tools, apply them to their small networks and sit back and relax. They used them to build ever bigger and better ones. And I think security is the same, we are a long long way from winning the war.

    We may defend against spam emails, but they still clog up 50% or more of the internet bandwidth. People are still sending out viruses and malware, and there are a ton of people actively probing the internet looking for weaknesses. Just because we have moved the problem in many cases from the desktop to the edge of the network where it is unseen by the users, does not mean the problem has been solved.

    I do agree that companies will want people who can work both generally and on security measures, but to suggest that network security will be a thing of the past any time soon is ridiculous.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.
  • tpatt100 Member Posts: 2,991
    And from my own personal experience? Applying and following security is one thing. Like what was said earlier, the exceptions are the problem. And half of what I do is documenting these exceptions and ensuring the records are accurate and up to date. If an attack exploits a system on your network and you have no documentation that your manager authorized a patch being held off on, you can find yourself sold out and out the door.
  • phoeneous Member Posts: 2,333
    Honestly, I think all the article says is how bored Jimmy is with his career. He's been in security for quite some time and probably needs something new to stir his pot. I don't blame him but I also wouldn't go as far as saying netsec is dead. Would "stuck in a rut" be a better phrase?
  • Paul Boz Member Posts: 2,620
    Quite the opposite. The security field lets the stars really shine. If you're excellent at what you do the sky's the limit. If you stay on the forefront of technology and look at everything from a questionable standpoint you're destined to be good for a long time.

    Compound that with the growth of regulation in industries such as energy, health care, and finances, and you'll observe that security is just getting bigger and bigger. I'd say that of all of the IT fields security has the MOST room for growth.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • networker050184 Mod Posts: 11,962
    The way I read it is that the role of a company security admin is becoming less needed with automation of updates signatures and the like. I don't think he was trying to say the security field as a whole is losing steam. It's just like any other technology, the longer it's around the more streamlined and user friendly it becomes. This leaves security admin more as a side role or something that is outsourced. You don't really need a full time guy to ensure your dot1x and firewall rules are in place.
    An expert is a man who has made all the mistakes which can be made.
  • Paul Boz Member Posts: 2,620
    networker050184 wrote: »
    The way I read it is that the role of a company security admin is becoming less needed with automation of updates signatures and the like. I don't think he was trying to say the security field as a whole is losing steam. It's just like any other technology, the longer it's around the more streamlined and user friendly it becomes. This leaves security admin more as a side role or something that is outsourced. You don't really need a full time guy to ensure your dot1x and firewall rules are in place.

    Or do you? It's nice to know that if your network comes under attack at 3:00am you're covered.
  • networker050184 Mod Posts: 11,962
    Paul Boz wrote: »
    Or do you? It's nice to know that if your network comes under attack at 3:00am you're covered.


    That's what the outsourced company is paid for! I'm not saying it's a reasonable approach for all companies, but the majority of companies could easily outsource their day-to-day security administration or have the "network guy" handle the firewall as well. We don't have any kind of dedicated corporate security people on board here. The network guys handle all the firewall, VPN etc. We do have a managed security product that is a pretty big seller though.
  • Paul Boz Member Posts: 2,620
    Third party managed security is one of the bigger growth sectors in security for those reasons. I work for a third party security company and I'd say at least 75% of my clients have a third party managing their firewall and/or external IPS. Most people choose not to deploy internal firewalls or complex network security because the managed cost scales drastically.
  • networker050184 Mod Posts: 11,962
    Paul Boz wrote: »
    Third party managed security is one of the bigger growth sectors in security for those reasons. I work for a third party security company and I'd say at least 75% of my clients have a third party managing their firewall and/or external IPS. Most people choose not to deploy internal firewalls or complex network security because the managed cost scales drastically.


    I think that was what he was trying to get across in that article. Maybe I'm interpreting it wrong though. The days of the in-house security admin are coming to an end.
  • Paul Boz Member Posts: 2,620
    networker050184 wrote: »
    I think that was what he was trying to get across in that article. Maybe I'm interpreting it wrong though. The days of the in-house security admin are coming to an end.

    I think that for the small to medium-small market you're right on. However, the more complex a network is to manage the more those management fees add up. At a certain point it's actually more economical to bring someone internally. If you spend $100,000/year on third party management it may be more economical to bring that internal for $80k/year in salary.

    You also have to look at the regulatory and compliance requirements. If you're a $100m credit union the auditors aren't going to find a problem with you outsourcing your firewall. On the other hand, if you're a $4b credit union and you're outsourcing all of your security administration you'll probably get some regulator kickback due to possible negligence or lack of due care.