Even as security professionals go about tightening the insecure nuts and bolts of the organization’s networks, they cannot act after a worm or a hacker has got it right. They have to be pro-actively ahead in this race within the hairpin bend. This is what separates the effective security specialist from the spectators. “To be a good security professional one needs to know that security is not only a major technical problem but is a big business problem,” advises Srinivasa Vaduguru, Senior QA Manager, McAfee India.
People Involved
Information security specialists are broadly divided into two–those involved with product development and services; and those involved with managing the information infrastructure. Product and services specialists are involved in various areas:
1. Programmers are those who build the secure software, deal with threat modeling and code review.
2. Testing specialists do functionality tests from a security perspective.
3. Research specialists indulge in threat detection, analysis and development.
4. Consultants do all the above procedures.
What Counts?