A very good article (thank you) and hits the weak point in many corporations. Unfortunately (today?) many companies see the tactical security, i.e. fighting the fires, much more important than having a security and risk management strategy and planning. They just can't win and are lucky to survive. So, the question is more than just IT security skills.
I don't believe the basic skills shortage, security problems are ages old, nothing new except the implementations change day by day but the basic problems have always been and always will be there. Tools and toys can be learned easily but a strategy is something else! There is no shortage of education, sources (and even vendor training) for IT only security methods and usage, but..
Security management is like any other business function management, very seldom the same persons have time to do all the risk management, strategic and tactical planning, design, management, and execution even if they would have both the strategy and the tactical skills,. Why even try (except maybe in a very small environment?) How often do you see Mr. D. Trump, his architects or even the construction managers installing security locks to a new building themselves but maybe changing the lock combinations if they are going to live there? However, they may have an external security company to install the locks!
And because business security is much more than just an IT problem, the security management doesn't belong to IT but should be a top level function in any business. In fields where the security has been an important part of the business a long, long time, as oil, airline, insurance, utility/power, even many manufacturing, etc, you don't see it managed by IT but they have organized it throughout the whole company.
I have seen it done both ways, personally done the risk assessment , risk, cost and return estimates and followup's over years, and so on - and on long run, sooner or later, the tactical only (or where the security doesn't have the top corporate support) has failed, often very badly!
Latest management headlines from Network World:
Dell links up with Salesforce's development platform
Government agency plans big power savings with BigFix
Fluke Networks acquires Viola VoIP management assets
|
Does Verizon's Voyager stack up to the iPhone? |
|
|
5 IT skills that won't boost your salary 
[1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
|
|
jobless sec
How come then I am still jobless despite that fact I hold msc in information security, CISSP, CISA, CISM etc etc? There are simply no jobs in todays America.
I am actually willing to work for free just to retain my knowledge. any company willing to have a go? Hire me if you like what I do otherwise show me the door.
you probably have poor people skills
Hard to imagine someone with these credentials having trouble finding contract or permanent employment. Based on your defeatist attitude, I'd take a close look at your personality. Soft skills matter these days.