http://www.smh.com.au/articles/2002/08/13/1029113885156.html By Nathan Cochrane August 13 2002 Next Raymond Key knows a lot about information security management and Chinese food. Since arriving in Australia from his native Hong Kong eight years ago, the 42-year-old has discovered Australians' taste for Chinese food has matured markedly. The same couldn't be said for Australia's approach to computer security. Despite being one of only about 40 certified information systems security professionals (CISSPs) in the country - qualifications apparently in such short supply it is on the Federal Government's Migration Occupations in Demand List - Key, a father of two, has been unemployed since January. He would like to join a small company, even on a lower salary than he commanded in the United States, and work his way up. "I don't need $100,000 (a year),'' he says. "I'm flexible on money. "I'm going to start looking at jobs in other states. I've tried to stay in Melbourne because I've got children and my boy is in year 3 and to move around is very tough. If I have to take a job in Sydney or Brisbane I would move there myself." It's not that Key doesn't have relevant experience or other strings to his bow - he's also one of few Cisco-certified Internetworking experts, a top-level certification that requires a practical exam. And, before leaving Hong Kong, Key led a team of 30 in a $HK90 million project to modernise the information infrastructure and security of the Royal Hong Kong Police Force. He returned to Australia last year after a stint working on a US H1B visa for a Cisco partner in North Virginia, home to more spooks, geeks and phreaks (phone hackers) than anywhere else on the planet. Being an out-of-work IT specialist is not news. There are thousands of professionals scouring job ads and talking to recruiters looking for a place or working for much less than they once earned. What is unusual is that, despite the rhetoric from government and business about becoming more security conscious, not even Key's impressive resume can persuade an employer to hire him. It must make every malicious hacker smirk. His recruitment consultant at Hays IT Personnel, Paul Rowley, is baffled by the unwillingness to hire security architects. "With Raymond, I've gone out of my way because he has this unusual certification that on the face of it people would want," Rowley says. "It's been amazing the lack of take-up." Rowley and Key hope increasing awareness of CISSP will turn things around before Key's savings evaporate. The family is living off the proceeds of its US home sale. "The certification is primarily for those in security consulting and is also a well-recognised credential for chief security officer, a role in organisations that has yet to take root here but has been established in the States," says Dimension Data business manager and fellow CISSP, Tim Smith. One of the problems with the CISSP exam is that it is very broad, covering areas such as security in buildings and even how many fire extinguishers a data centre should have. It covers a lot of ground but not in any great depth. It is focused on the needs of US government, business and military. The attitude to employing security professionals can be likened to Chinese cuisine. Australian employers have such a rich field of unemployed talent they can choose the skills they want like yum cha delicacies on a trolley. They want a little bit of everything, don't want to commit to any one flavour, in a meal that is served quickly. Employers like it this way because they can get a project up to speed immediately. Key, and thousands like him, are like a Chinese banquet that takes time to appreciate. Key says security-related work is now being handled mostly by staff on the ground who may not have adequate training. Seldom is someone directing security policy at a senior level. "Security comes into every aspect of IT," Key says. "If I take someone to design a big application architecture, I would be more than happy if they have CISSP because they will consider within the application environment and functionality and features the security risk." The decision by the Immigration Department to add CISSP qualifications to its list may be a burden as well as a blessing. As more CISSPs arrive and take more senior positions, it may become easier for security professionals to find jobs, he says. "If you are talking about: Do we need to let more highly qualified specialists migrate to Australia in general?, we better stop for a while, because even I can't get a job," Key says. "But (as to) who these guys should be and what attributes they should have, then CISSP should be there." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Aug 14 2002 - 05:25:57 PDT