The recent proliferation of mobile devices such as smartphones, PDAs, laptops and USB drives has thrown up enormous challenges in the security space. International Data Corporation (IDC) predicts that by 2007, 90 percent of corporate mailboxes will be accessed by mobile devices. The dependency on mobile devices has fueled a huge demand for well trained and experienced IT security professionals.

Career options like hosting Internet Service Providers (ISP) and content providers are the obvious choices in mobile security, as is the demand for application porting. Specific security requirements are also coming up in hardware in the area of embedded system. On the other hand, application testing, porting and secure content development/management are options in the software domain. Consulting opportunities are also abundant for Ethical Hackers/Pen testers, vulnerability testers as well as application security specialists.

K. K. Chaudhary, Head - Client Solutions Group at SecureSynergy feels that currently in India, mobile security, being a relatively new realm, there are very few professionals working exclusively in this domain. “But it is not difficult for a security professional to switch to the mobile domain if he has expertise in networking and systems/database administration and some coding experience in any of the major platforms,” he says. Though some development tools are similar to that of desktop security, certain skill sets are specific for mobile security professional, which he needs to fathom.

The main skills of techies in mobile security include: a good understanding of the mobile technology with domain knowledge of GSM, GPRS, 3G/WiMAX, WLL, Microwave, VSAT, WEP and encryption security technologies. Such people should also have the skills of exploiting the vulnerabilities in such systems and the ability to ‘patch’ them and master the code-writing skill.

In addition they are expected to use a few freely available tools such as NetStumbler, AirSnort, WEPCrack, AirMagnet, Wireless Security Auditor, SiVuS, RF-Dump-the-new in a simulated environment. They can also learn management products governing this space like Credant (Mobile Data Protection) and Safend (End point security).
Companies generally look out for two types of professionals in the mobile security space: process experts and technical experts. With standard certifications, technical experts are expected to have proficiency in deploying firewalls, intrusion detection and encryption systems, anti-virus suites et al. to ward off attackers, worms and viruses from a mobile device. For process experts, domain knowledge, such as conducting risk analysis and vulnerability assessments, develop policies and designing the Information Security Management System are vital.