Hi Cory,

One of the nice things about being laid off and looking for work is having time to write to students about getting into the field. If you still want to do it. :-)

I'm partial to the Washington, D.C. area as I was born and live here. But I think other responders would have to agree that information systems security best practices and disciplines originated with the Department of Defense and civilian organs of the Federal government. There are lots of opportunities here. Even in a recession I'm able to land enough independent consulting to keep the family fed. I just got dumped from a $112k job. Confident I'll find another in the price range is a far cry from when I ran a record store 13 years ago and didn't even make what I spend in entertainment now. The DC area is pretty much recession proof as its principal industry is pushing paper around. Only about a third of the workforce is actually employed by the Federal government, so there is lots of opportunity in non-profit associations or commercial enterprises.

Now the job of network security architect to me means the manager of a series of steps that form a circular understanding of activity. Most importantly, the architect defines security and the policies that will be enacted. This starts as an analysis of the values at risk versus the expense of protection. Nobody buys a $5000 safe to put $500 in.

Once a set of policies has been selected (I have some links to some at http://www.pressman.org/familyhome/certifyU.htm#BestSecurityLinks ) by you and what I'll call the business owners (the reason there is a network to protect is to serve their needs), you then do an assessment. You need to see if the network hardware, software, and administrative talent pose any vulnerabilities or non-compliance with the policies. This is your first chance to harden or protect the network. You've probably heard about getting patches and updates to your networking software to remove vulnerabilities.
Once your network is safe from the built-in vulnerabilities and your users instructed in the policies for using the network, your next challenge is protecting the network from outside attack or inside abuse. While hackers make the papers, the real cost to an enterprise is insider abuse. You have to leverage your skills, good software scanners, intrusion detection systems, firewalls and router access control lists to protect the network.

At this point you've attained the healthy secure network. Now all you need to know about is changes. If you use packages that will learn the patterns of usage of your network, they can alert you to users deviating from normal behavior, storing or modifying files they shouldn't, etc. Here is where you also use the myriad log analysis tools that sift through gigabytes of normal logs looking for anomalies. This is the management stage and it lasts the longest. It could be years before you need to change things.

Change you will, however, as the network reflects the changing requirements of the business owners. At this point you begin again with new or modified policies. Again you must assess, then protect, and finally manage the network from a security standpoint. This is what I mean by a circle of activity.

The specific tasks are often completed by analysts or the regular networking staff (e.g. same 24x7 folk who do backups and keep the servers running). Sometimes, though, you'll do all of these tasks. A real good understanding of how to run a project on time and under budget has to be added to a personality that can persuade and educate people to do the right thing in the right ways and why. Lastly, a strong attention to detail and a tremendous amount of patience will allow you to find problems, solve them and ensure they don't happen again.

Hope this helps. If this hasn't dissuaded you from a career in information assurance then welcome to my world. Good luck and enjoy the ride.

Best wishes.
-----Original Message-----
From: Cory Carnes [mailto:carn_z12at_private]
Sent: Tuesday, September 25, 2001 6:47 PM
To: securityjobsat_private
Subject: Student Help??

Hey everyone,

I'm doing a project for my Computer End-User Technologies class that entails me picking my job of choice in a computer-related field and finding weekly information on that job. I chose Network Security Architect... I was wondering if anybody had information on the best geographical area to work in the field and some information on the job itself.

Thank you,
Cory Carnes

This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 10:05:56 PDT