Securing a computer network goes way beyond simply installing and configuring a firewall. While a competent system admin will be able to do that task, often a mid- to large-sized corporation will have a security administrator specifically dedicated to the task of network security. Large corporations may even have a higher-ranking network security officer; and the area of network security is fast becoming one of the most in-demand jobs in high-tech.
In addition to finding jobs at corporations in network security, you will also find that smaller companies, who may not be able to afford a full-time security technician, are turning to outsourcing for their security needs. These smaller companies are becoming the targets of serious and expensive attacks, and can no longer afford to place security on the back burner. For the individual seeking a career in network security, this means there are two separate markets for jobs; working directly for corporations in security, and working for the outsourcing agencies that service corporations.
A major driver in the rapidly increasing security market is the mandated compliance that has been passed, including Sarbanes-Oxley, HIPAA, and other state regulations that require more corporations to implement specific security measures. Many of these regulations deal with things like protecting against identity theft, and protecting the privacy of individual consumers. Security technicians will often work with corporate compliance officers in ensuring that these mandates have been met.
Beyond a good understanding of network infrastructure, a network security professional will have a good understanding of all of the various types of security that are used, which include firewalling and intrusion prevention and detection, authentication and authorization, and content protection. Although many of the networking certifications such as CNE and MCSE will touch on security as it is incorporated into that vendor-specific equipment, a more specific security-oriented certification will also be useful in pursuing this type of career. One of the most useful online places to learn more about security-oriented certification is the SANS Institute. The SANS Institute’s GIAC (Global Information Assurance Certification) validates the skills of a security professional and is widely recognized and accepted.
It has happened on rare but noteworthy occasions that former hackers and cybercriminals have found gainful employment in the corporations they once tried to hack, or even in government agencies, but don’t look for this to happen all too often. Contrary to what may be a popular belief among the cybercrime underground, having a background as a hacker or cybercriminal is not a legitimate resume builder for a security professional.