The 20 Coolest Jobs in Information Security

• #1 Information Security Crime Investigator/Forensics Expert
• #2 System, Network, and/or Web Penetration Tester
• #3 Forensic Analyst
• #4 Incident Responder
• #5 Security Architect
• #6 Malware Analyst
• #7 Network Security Engineer
• #8 Security Analyst
• #9 Computer Crime Investigator
• #10 CISO/ISO or Director of Security
• #11 Application Penetration Tester
• #12 Security Operations Center Analyst
• #13 Prosecutor Specializing in Information Security Crime
• #14 Technical Director and Deputy CISO
• #15 Intrusion Analyst
• #16 Vulnerability Researcher/ Exploit Developer
• #17 Security Auditor
• #18 Security-savvy Software Developer
• #19 Security Maven in an Application Developer Organization
• #20 Disaster Recovery/Business Continuity Analyst/Manager

#1 - Information Security Crime Investigator/Forensics Expert - Top Gun Job

The thrill of the hunt! You never encounter the same crime twice!

Job Description

This expert analyzes how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised. Investigating traces left by complex attacks requires a forensic expert who is not only proficient in the latest forensic, response, and reverse engineering skills, but is astute in the latest exploit methodologies.

SANS Courses Recommended

• SEC408: Computer Forensic and E-discovery Essentials
• SEC508: Computer Forensics, Investigation, and Response (GCFA)
• SANS Forensics Summit

Why It's Cool

"In the private world, the security guy just cleans up the mess to try and keep the ship afloat, but when criminals strike, the crime investigator gets to see that the bad guys go to jail. Want to see the face of your enemy... behind bars? It's a thrill like no other - being pitted against the mind of the criminal and having to reconstruct his lawless path."

How It Makes a Difference

• "You are what stands between your organization and the hackers/malware out there."
• "This is a core job that provides nuts and bolts technical security controls for any enterprise. When things go wrong, this is the person that we all need to ask for help. They are the ones that will be able to look at the more esoteric logs and determine what happened, write a script to deal with problems, etc."

How to Be Successful

Having mastered intrusion prevention/detection, computer forensics, hacker exploit techniques, and some reverse engineering of malware, this forensics expert thinks there is always more to learn and actively seeks out new learning opportunities daily.

- Attend training, conferences, and summits that focus on methodologies described below.

Listen to the latest podcasts discussing recent events. Use your blog reader to pull articles automatically found on Websites that focus on discussing the latest trends.

- Stay abreast of the latest attack methodologies.

How are attackers breaking into networks? Keep up to date on the latest attacker, pen testing, and red-team methodologies. Learn how to track an attacker across multiple system and technologies.

- Stay ahead of the curve on the latest forensic and incident response methodologies.

In addition to traditional forensic methodologies, you need to master live data analysis and collection. Learn how to examine volatile data and collect it effectively. Learn how to identify personal identifiable information and payment card information quickly.

- Get familiar with techniques that enable you to quickly analyze malware found on your network.

A skilled investigator can examine malware and network signatures to create malware indicators on the network in order to discover additional systems that may have been breached.

-Rob Lee, Forensic/Incident Response Faculty, SANS
Principal Consultant, Mandiant Inc.

#2 - System, Network, and/or Web Penetration Tester* - Top Gun Job

You can be a hacker, but do it legally and get paid a lot of money!

Job Description

This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.

SANS Courses Recommended

• SEC542: Web Application Penetration Testing In-Depth (GWAPT)
• SEC560: Network Penetration Testing and Ethical Hacking (GPEN)
• SEC617: Wireless Ethical Hacking, Penetration Testing, and Defenses (GAWN)
• SANS Pen Testing Summit

Why It's Cool

• "There is nothing like finding the magic back door that everyone says isn't there!"
• "The power to understand how systems can be penetrated and misused is something less than one percent of people in the entire security industry know, let alone the average citizen."

How It Makes a Difference

• "You're the one who gets to figure out how to make a computer do a new task - for example, scripting and batch jobs and integrating multiple applications. When you automate a process, not only do you get the thrill of solving the puzzle, but you get recognition, and even more difficult problems to solve. Eventually, you become the 'go-to' person."

How to Be Successful

Successful pen testers must combine outside-the-box, contrarian thinking with attention-to-detail, carefully organized action. As you analyze target systems, continually think about how to unravel their defenses; approach problems in a different way than "normal" sysadmins would. You have to spot weaknesses and logic flaws that other people might miss.

- Some specific tips:

• Always ask target personnel what their biggest security concerns are before testing even begins;
• Manually verify salient findings from automated tools to lower the number of false positives.
• Always present your findings in light of the business risk they cause.
• Build a lab of three or four machines (real or virtual) and spend time practicing your ability to scan, exploit, and explore those machines, modeling OS and apps to real-world targets.
• Immerse yourself in puzzles and think about different ways to tear problems apart to find solutions.
• Attend security or hacker conferences and build up a network of associates who also conduct penetration testing.

-Ed Skoudis, Co-Founder and Senior Security Analyst InGuardians, Inc.

* Common starting point for people who become Top Guns. Sophisticated pen testers are considered Top Guns.

#10 - CISO/ISO or Director of Security

Seems like I can get a lot done with little to no push back

Job Description

Today's Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today's CISO/ISO's must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.

SANS Courses Recommended

• MGT414: SANS® +S™ Training Program for the CISSP® Certification Exam (GISP)
• MGT504: Hacking For Managers (GCIM)
• MGT512: SANS Security Leadership Essentials for Managers with Knowledge Compression™ (GSLC)
• MGT525: Project Management and Effective Communications for Security Professionals and Managers (GCPM)

Why It's Cool

• "Authority always wins."
• "These people get to decide where to build the "watch towers", how many rangers are stationed in the park, where fires can be safely built, and the rules of engagement."

How It Makes a Difference

• "You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player, the only one whom the CEO will trust."
• "This position usually reports at a very high level, and gets to see and influence the big picture. You work with physical security, IT, the businesses, even the FBI and other law enforcement agencies."
• "You are da Boss. You can pick and choose who does what, what gets done, and motivate and then share the credit with your people. You make a real impact on a daily basis."

How to Be Successful

Organizations succeed by taking risks, and they frequently fail because they then don't manage the risk-taking very well. The risks are business risks, and the security team needs to see business constituencies as "customers". The "this is how it's always worked" idea must be discarded. Data-driven decisions, devolving perimeter, any-device thinking, collaboration technologies, virtualization, and mobile data are diametrically opposed to prior thinking. Today's solutions are tomorrow's threat, and global and geopolitical landscape shifts are tightly coupled to intellectual and informational threats.

Experience is often the training ground, and diverse thought along with scenario planning is the requirement for a good outcome. Focus on the business goals: Never forget that this is the basis for security thinking.

#18 - Security-savvy Software Developer*

Kool, because this is VERY rare.

Job Description

The security-savvy software developer leads all developers in the creation of secure software, implementing secure programming techniques that are free from logical design and technical implementation flaws. This expert is ultimately responsible for ensuring customer software is free from vulnerabilities that can be exploited by an attacker.

SANS Courses Recommended

• DEV541: Secure coding in Java/JEE: Developing Defensible Apps (GSSP-JAVA)
• DEV544: Secure Coding in.NET: Developing Defensible Apps (GSSP-.NET)

Why It's Cool

• "You get to make something that actually runs and does something (and won't break under pressure)."
• "These guys are the senior developers by virtue of their programming prowess."

How It Makes a Difference

• "No security architecture or policy can compensate for poorly written, buggy, insecure software. If one pays the necessary attention to security when a product is initially developed, one doesn't need to go back and add security later on."
• "This is where the rubber meets the road. These are the people making a difference where it really matters...in the software that runs the world."

How to Be Successful

The role of security-savvy software developer is challenging and rewarding from multiple perspectives. To be successful, you must understand a multitude of attack vectors used to exploit software to avoid the introduction of flaws. This experience is also needed to leverage the same attack tools and techniques an adversary might use to exploit your software, identifying flaws to be addressed before product shipment.

In a development role, your position will be vital to the company's success, including your ability to communicate the techniques used for secure software development to your peers. This can be challenging, since few enjoy having their work criticized and flaws identified, but is a necessary component of an overall secure software strategy. This role is critical to not only the success of the company, but also to all the customers who implement your software. Secure software development has a direct and undeniable impact on the ability of an organization to protect their systems and information assets, and you play a key role in that success.

-Joshua Wright, Senior Security Analyst, InGuardians, Inc.

* Often a stepping stone to a Top Gun job.