[This post may come across as some kind of self-promotion, but it's intended to show that there is a real problem. We apologise in advance for perceptions of buzzwords, spin and other marketing fluff]
At the Infosec trade fair in London this week, a group of UK-based organizations are launching the "Cyber Security Challenge" to raise awareness of IT Security as a career option and to try and educate people about what exactly is required to secure networks and systems.
If this challenge succeeds in raising IT Security awareness then it can only be a good thing. However, it seems to me that its job description is only partially accurate:
If you want to know ahead what each day will bring then DO NOT work in Cyber Security
Just think about the dependence that our society has on networks. We rely on telecommunications running smoothly for the delivery of the basic necessities in life like power and electricity, not to mention financial systems. We need to be able to store our intellectual property on computers without fear of it being stolen or corrupted. The UK needs more and better cyber security specialists. If we are to protect our society against the ongoing attacks on Government and corporate systems from criminals, foreign states, unscrupulous organisations and people intent on stealing secrets from others. We need people who not only have technical skills but are also quick learners, flexible, dynamic and excellent communicators. There has been a step change and cyber security now offers a range of varied, challenging and exciting jobs.
Do you want an important job where you will be constantly challenged? Would you like to make a difference and help prevent cyber crimes or track down the perpetrators? Do you want to work in an area where there is a current skills shortage and the number of jobs is predicted to grow in the next 5 years?
The catch is that a lot of the time IT Security people are in fact doing exactly the same things as they did the day/week before - that is to say manually updating various security systems with the latest data on current threats. And worse still, every organization has to have someone perform these tasks because, even if the threat knowledge is common, the access methods, passwords and so on required to update the security systems will vary in every organization.
This kind of routine updating is tremendously wasteful of scarce (and hence costly) security talent, since the time taken to do this task is time that cannot be dedicated to tracking down current infections, blocking new attacks and patching/closing newly uncovered vulnerabilities.
One of the reasons why ThreatSTOP was founded was to try and offload this function so that the threat data is automatically gathered, distributed and applied in a timely fashion to firewalls. We act as a single clearing house for threat data and our subscribers have the ability to combine threat data to make their own custom block lists. These lists are then automatically retrieved by the firewalls every 2-4 hours, ensuring that the networks behind them are protected against the latest threats.
Given the ever increasing importance of the Internet and the services provided by it, there is no doubt that attacks by criminals and the like will continue to grow. It makes sense therefore that the white hats find a way to efficiently counter as many of the attacks as possible in as automatic a way as possible. This then leaves the IT Security Professionals with the time to investigate and remedy the new attacks and indeed have a job where they "will be constantly challenged".