[ISN] Slim pickings for an IT gourmet

From: InfoSec News (isnat_private)
Date: Wed Aug 14 2002 - 02:32:04 PDT

  • Next message: InfoSec News: "[ISN] White-Hat Hate Crimes on the Rise"

    By Nathan Cochrane
    August 13 2002
    Raymond Key knows a lot about information security management and
    Chinese food. Since arriving in Australia from his native Hong Kong
    eight years ago, the 42-year-old has discovered Australians' taste for
    Chinese food has matured markedly. The same couldn't be said for
    Australia's approach to computer security.
    Despite being one of only about 40 certified information systems
    security professionals (CISSPs) in the country - qualifications
    apparently in such short supply it is on the Federal Government's
    Migration Occupations in Demand List - Key, a father of two, has been
    unemployed since January.
    He would like to join a small company, even on a lower salary than he
    commanded in the United States, and work his way up.
    "I don't need $100,000 (a year),'' he says. "I'm flexible on money.
    "I'm going to start looking at jobs in other states. I've tried to
    stay in Melbourne because I've got children and my boy is in year 3
    and to move around is very tough. If I have to take a job in Sydney or
    Brisbane I would move there myself."
    It's not that Key doesn't have relevant experience or other strings to
    his bow - he's also one of few Cisco-certified Internetworking
    experts, a top-level certification that requires a practical exam.  
    And, before leaving Hong Kong, Key led a team of 30 in a $HK90 million
    project to modernise the information infrastructure and security of
    the Royal Hong Kong Police Force.
    He returned to Australia last year after a stint working on a US H1B
    visa for a Cisco partner in North Virginia, home to more spooks, geeks
    and phreaks (phone hackers) than anywhere else on the planet.
    Being an out-of-work IT specialist is not news. There are thousands of
    professionals scouring job ads and talking to recruiters looking for a
    place or working for much less than they once earned. What is unusual
    is that, despite the rhetoric from government and business about
    becoming more security conscious, not even Key's impressive resume can
    persuade an employer to hire him. It must make every malicious hacker
    His recruitment consultant at Hays IT Personnel, Paul Rowley, is
    baffled by the unwillingness to hire security architects. "With
    Raymond, I've gone out of my way because he has this unusual
    certification that on the face of it people would want," Rowley says.  
    "It's been amazing the lack of take-up."
    Rowley and Key hope increasing awareness of CISSP will turn things
    around before Key's savings evaporate. The family is living off the
    proceeds of its US home sale.
    "The certification is primarily for those in security consulting and
    is also a well-recognised credential for chief security officer, a
    role in organisations that has yet to take root here but has been
    established in the States," says Dimension Data business manager and
    fellow CISSP, Tim Smith.
    One of the problems with the CISSP exam is that it is very broad,
    covering areas such as security in buildings and even how many fire
    extinguishers a data centre should have. It covers a lot of ground but
    not in any great depth. It is focused on the needs of US government,
    business and military.
    The attitude to employing security professionals can be likened to
    Chinese cuisine.
    Australian employers have such a rich field of unemployed talent they
    can choose the skills they want like yum cha delicacies on a trolley.  
    They want a little bit of everything, don't want to commit to any one
    flavour, in a meal that is served quickly. Employers like it this way
    because they can get a project up to speed immediately.
    Key, and thousands like him, are like a Chinese banquet that takes
    time to appreciate.
    Key says security-related work is now being handled mostly by staff on
    the ground who may not have adequate training. Seldom is someone
    directing security policy at a senior level.
    "Security comes into every aspect of IT," Key says. "If I take someone
    to design a big application architecture, I would be more than happy
    if they have CISSP because they will consider within the application
    environment and functionality and features the security risk."
    The decision by the Immigration Department to add CISSP qualifications
    to its list may be a burden as well as a blessing. As more CISSPs
    arrive and take more senior positions, it may become easier for
    security professionals to find jobs, he says.
    "If you are talking about: Do we need to let more highly qualified
    specialists migrate to
    Australia in general?, we better stop for a while, because even I
    can't get a job," Key says.
    "But (as to) who these guys should be and what attributes they should
    have, then CISSP should be there."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Aug 14 2002 - 05:25:57 PDT