Updated: Dec 31, 2020
One of the key factors affecting cloud computing is that network bandwidth is becoming faster and faster, applications are becoming more and more Web-based, and mobile terminals have impacted traditional IT architecture. What is the future career development direction of IT cybersecurity personnel? I believe that many IT people have thought: Ten years ago, network engineers, system engineers, software engineers, and database engineers were all very popular professions, especially technical experts with top-level manufacturer certifications. Why doesn't it seem so popular nowadays? And holding CISA and other international qualifications has become a favorite in the talent market. Let's briefly analyze it together below:
1. Information systems also have a life cycle. The large-scale construction phase of telecommunications networks and information systems has long been over, and some system construction personnel are immediately converted to daily operations personnel. The demand for professionals in the operation and maintenance phase is no longer so fierce. The market has entered a relatively saturated state. Some technical professionals have already occupied a key position and have begun to enjoy the balance between life and work. However, there are always limited places to climb upward. Some professionals who are not willing to be mediocre have begun to turn their eyes to a broader field and start to act. Some people create new opportunities, and it is they who promote the progress of organizations and even the country and society;
2. The pressure of the cost of professionals has prompted the rise of IT service outsourcing. Call centers, software development, business processes, etc. have migrated to countries and regions with lower labor costs. The convenience of the Internet has quickly restored intellectual resources. The redistribution of IT engineers into the service outsourcing field caused most of the remaining IT engineers to have to transform, and new functions related to project management, risk control, network security, service management, etc. also appeared one after another, which happened to be able to absorb some of the transformed personnel;
3. The continuous improvement and innovation of science and technology have made related work more standardized, systematized, and automated, and IT applications and operations have become simpler, and even maintenance-related work does not require too much manual operation，which naturally does not require too much manpower. At the same time, it raises the requirements for business personnel to use IT systems proficiently. People with an IT background have more advantages in system operation. Therefore, some engineers turn to the business direction and agile direction, and at the same time, some occupy the position of a communication bridge between IT and business, helping to promote business innovation by using information systems.
4. Higher education expands enrollment. Most of the easier and tedious work will be given to newcomers in the workplace. Naturally, only a few core employees in key positions need to be retained. At the same time, these newcomers in the workplace need masters. Of course, IT engineers have a path to management and begin to climb the positions of supervisors, managers, directors, and C-level senior presidents;
5. The Internet bubble and other wealth-making myths have shattered. After all, there are only a few successful people, and most Internet companies cannot sustain it. A large number of closed companies have caused some professionals to switch to emerging or niche fields. New high-level needs are artificially created. The story of selling shoes to primitive tribes who have not worn shoes has more positive business reasons today; The problem is that some professionals do not create social value, but turn to steal the fruits of other people's labor. This is what people call hackers in a broad sense. If there are hackers, there is of course a group to guard against hackers—a team of experts in the computer network information security industry. Why is it a group or a team? Because human energy is limited, and the industry covers a wide range, there is always an area that a hacker has studied and is very familiar with but a security expert does not know very well. This hacker needs another security expert who is also very experienced in this area to deal with. Therefore, the security expert team needs at least two kinds of people: one is to develop in-depth, a security expert in a certain sub-field; the other is to develop comprehensively, with capabilities including architecture design, communication and coordination, and integrated management.
Having said that, we can simply see several directions for the future career development of information security practitioners:
1. Promote to management positions. Information security is also three points for technology and seven points for management. From an engineer to a safety supervisor, manager, director or CSO or CISO, you need to deal more with people and change your thinking, from a biased safety technology control to a process and personnel safety control factors
2. Transform the business direction. To make information security a driving force for business success, rather than resistance, it is necessary to understand key business processes, identify important security threats to the continuous operation of the business, conduct business-based risk analysis and control, and use security expertise and skills to ensure the safe operation of the business. At the same time, it is also necessary to understand the safety concerns of business leaders and professional teams from a business perspective. Regardless of positions such as risk control, internal audit, etc., it is also necessary to strengthen communication and coordination with business-related personnel;
3. Become an expert in a certain field. There are many security issues in each segment, and these issues require effective solutions. Mastering key core technologies and staying ahead is the strongest competitiveness of experts. In this respect, intelligence and perseverance are the noblest qualities. The comprehensive and comprehensive development of security integration capabilities is indispensable for promoting and achieving the cause of security. Experts are required to extensively hunt for various fields of knowledge and have a wide network of contacts in order to obtain a smooth cross-departmental integration effect, and communicating with them in a language that the personnel of each department can understand is the key to victory;
4. The above-mentioned directions are not in conflict, and may even intersect. For example, security experts engaged in management work may also be promoted to chief scientist, chief architect, CTO, etc.; management positions can be transformed into CFO or even CEO if they are more skilled in the business field. However, network information security engineers want to show off their skills in a wide range of information security fields and climb the high-speed ladder of career development. They must pay more attention to communication with people and pay attention to the human factor in information security.