Cyber security professionals in demand; specialists with broad skills are the most sought after
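News Corp. was recently hit by a phone-hacking scandal, but don't let that give you the wrong idea about hackers. Cyber crime is becoming ever more complex and dangerous, but it has also created a new line of work: a large number of "anti-hacker" jobs. Recent cyber attacks on a series of U.S. government websites, together with the hacks of large companies such as Citigroup and Sony, have pushed both government and business to recruit better anti-hacking talent. Although the Pentagon is sharply cutting its overall military budget, its spending on cyber security keeps rising. As cyber security threats grow, cyber analysis has become a new area of job growth, at big banks and startups alike.

A call for legal hackers

The good news is that the days of companies skimping on cyber security spending are almost history. In the past, companies relied mainly on hiring outside consultants to deal with major security risks and simply assigned IT managers to handle ordinary threats. Damon Geopfert, chief security and privacy consultant at the consulting firm McGladrey, says: "In the past, even a Windows administrator had to be able to handle security issues. But that model has proven unsustainable."

Outside cyber security firms still play a very important role today, and with threats so frequent their business is even booming. But the best growth prospects may lie in the still-expanding cyber security teams inside large companies. Companies are now recruiting experts at every level, from newcomers who can cover round-the-clock shift work to industry veterans who can direct overall strategy.

Essential skills for the "legal hacker"

Whether you are an old hand with a deep IT background or a rookie just starting out, there are many routes into cyber security, and each calls for a different mix of skills. Six or seven years ago, Geopfert says, the field was dominated by people with "genuine cyber security experience": either solid experience in defending against cyber attacks or in law enforcement, or time spent in a large IT department that handled some of its own security problems.

But now companies are no longer looking only at veterans with long experience. A certificate shows only that you take the job seriously; it will not win you the job by itself. To stand out and get selected you need to pay extra attention to other areas, for example by studying management, risk assessment or even psychology, because many cyber security teams now use interdisciplinary analysis to spot warning signs before an attack is launched.

A technical certificate is like a door knocker: it can get you in the door, but if you do the work badly you will still be shown out. Geopfert stresses that the industry has learned how to weed out unqualified opportunists. "You may have to sit down face to face with someone like me, and I will give you a task: convince me to hire you within 30 seconds," he says. "Getting certified is of course necessary, but only by highlighting your depth of knowledge in a specific area can you win recruiters over."

A solid academic background also improves your chances: Edward Amoroso, chief of security at AT&T, says the company recently hired more than 10 PhD graduates, all taken on as soon as they finished their dissertations. But Amoroso and other recruiters say they are also looking for computer scientists with a hacker's mindset. Geopfert notes that if you are highly talented with computers but lack an advanced degree, the key to getting hired is to take part in industry seminars and conferences and use them to show your maturity and show recruiters that you can communicate. If people cannot stand working with you, being able to code in your sleep will not help.

No special technical skills? Don't worry: if keyboard work is not your strength, the industry has a growing number of "hybrid" jobs waiting to be filled. The auditing side of cyber security, for instance, needs people who may not have to know programming but do need to know how to enforce rules and standards.

Large companies such as AT&T, Wells Fargo, Citigroup, Microsoft and Boeing offer cyber security staff annual salaries of roughly $50,000 to $120,000. Cyber security is a rising industry, and even if you used to be a hacker it is not too late to go straight.

Translator: 朴成奎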
Don't let the headlines about News Corp.'s (NWSA) recent phone follies give you the wrong idea about hacking: Cyber crime is only getting more complex and dangerous, but it is creating new jobs for people who want to fight it. Recent high-profile hacks of government sites, Citigroup (C), and Sony (SNE) have added to the rush for more qualified staff. The Pentagon has committed to spend more on cyber security even as it slashes its overall budget. Increasing threats make cyber analysis a growth area for everyone from banks to startups.

Where the legal hackers are

The good news is that the days of corporations skimping on internal cyber security are almost over. In the past, companies could get away with hiring external consultants for big jobs while simply reassigning IT managers to handle more standard threats. "A Windows administrator would have to do security as well," says Damon Geopfert, McGladrey's top man for security and privacy consulting. "But," he adds, "that has been proven an unsustainable model."

Current outside cyber security firms will stick around and even flourish in the face of so many threats, but internal cyber security teams under development at major companies may provide the best growth opportunity. Businesses are looking for experts at all skill levels, from greenhorns in eight-hour shifts to industry greybeards who can watch the big picture.

The skills you need

Whether you have a prior IT background or are only just entering the work force, ways to get into cyber security are diversifying alongside its skillsets. Six or seven years ago, Geopfert says, the field was dominated by people with "hardcore security experience" in defense, law enforcement, or a major IT department that handled some of its own security.

But now, companies aren't simply looking for veterans with long-term experience. Certifications demonstrate you're serious about the job, but they don't cut it on their own. Differentiate yourself through additional areas of focus, such as management knowledge, risk assessment, or even psychology to join expanding teams that use interdisciplinary approaches to spot the warning signs of an attack before it happens.

While technical credentials can get you in the door, you'll get nailed if you can't handle the work. Geopfert stresses that the industry has learned how to weed out unqualified opportunists. "You're going to have to sit down with somebody like me that will ask you to talk me through processes in 30 seconds," he says. "Go get the certs, but highlight your depth of knowledge in specific areas -- recruiters will appreciate it."

A strong academic background always helps: AT&T (T) has recently hired a dozen PhDs right out of their dissertations, according to chief of security Edward Amoroso. But Amoroso and other recruiters say they also look for computer scientists with a hacker's mentality. Even if you just have natural aptitude in lieu of an advanced degree, Geopfert says the key is to participate in industry chats and conferences where you can demonstrate maturity and show recruiters you can maintain a conversation. Being able to code in your sleep won't help if people can't stand to work with you.

Not particularly technical? There are an increasing number of "hybrid" jobs if you're all thumbs on a keyboard. The auditing side of cyber security needs candidates who might not be able to write security programs but can understand how to regulate activity.

With salaries from $50,000 to $120,000 a year and companies such as AT&T, Wells Fargo (WFC), Citigroup, Microsoft (MSFT), and Boeing (BA) on the lookout for staff, cyber security is a growing industry -- even if you're a former hacker who wants to play it straight.