Thursday, August 18, 2011

Where Are The Security Jobs? Web Application Security Jobs

Where Are The Security Jobs?

If you’re an up-and-coming cyber security professional, or a seasoned information security professional wondering how to fine-tune your skill set for the future, read on.
Don’t take my word for it. Look at the weekly reports of significant cyber warfare hacks and you’ll quickly see that hackers are breaking into Internet-facing applications from companies of all sizes.

Web Application Security Jobs are a hot topic and I don’t see the topic cooling down anytime soon. These jobs tend to come in two flavors.

Application Scanning Jobs

The first flavor goes to information security professionals who are skilled with application scanning tools such as, but not limited to, AppScan, WebInspect and Fortify. More often than not, these security professionals have never been application developers or software engineers. Therefore, when it comes to doing manual code reviews, although they may be able to read code, they’ve never written significant applications.

Application Code Review Jobs

The second flavor of web application security jobs goes to individuals who at some time in their career were application developers or software engineers. These people have the ability to do manual code review, and they can go a step further in that they have the clout to build relationships with software engineers. In other words, when they use the same scanning tools as the application security professional who only runs scans with automated tools like AppScan, WebInspect or Fortify, they can not only interpret the reports generated from scanning applications, they can also sit down with software engineers and share a deep discussion around secure coding techniques.

Web Application Security Jobs

This topic surfaced this morning as a result of talking to a security consulting practice leader whose husband is a software engineer. He has found a passion for security in that he has earned an EnCase forensic certification. While this is a great path for this person to follow, especially if they are passionate about what they’re doing, I asked why they hadn’t pursued education and certification in the realm of secure software development and application security.
This conversation was further fueled by a recent discussion I shared with a company that operates in the same business space as another global organization that was hacked. The result of that hack was the release of over 100,000 customers’ personally identifiable information. The result of this information leakage remains to be seen, but the global lawsuits appear to be lining up.

Job Security in Information Security
As long as companies large and small push applications to the Internet and, more recently, to the Cloud, there will be a need for web application security professionals.
