Most stories of IT security breaches inevitably end with a humbled company official declaring that their IT security will be reviewed and corrected. So is all the security angst generated by these events actually translating into more training or jobs for IT professionals?
Paul Swinwood, president of the Software Human Resources Council (SHRC), explains the labour market outlook for 2005: “Security is one of the strong areas. Companies have a lot of issues to deal with, and the question is, do they have the in-house staff to deal with it, not just from a technical point of view, but also from a business point of view. They want people with the whole package, who can understand the business challenges as well as the technology.” They want people with the whole package, who can understand the business challenges as well as the technology.Paul Swinwood>Text According to Swinwood, companies prefer to train their IT staff if it is simply a question of adding specific technical skills, and if their people already have the requisite business understanding. “The trend we’re seeing is that companies are trying to use current technical staff if they have the capacity to handle it. Companies have downsized in all their areas, so they’ve got people doing multi-tasking within IT departments. So part of the challenge is finding the time to do the training. When their people don’t have time, that’s when the opportunity comes for additional hiring.”
But lack of business understanding is a fundamental issue within IT overall, and acquiring the “whole package” requires more than a six-week crash course. “You don’t grow holistic overnight. That’s the big issue: it’s not just implementing encryption. It’s implementing the proper security around everything so the business can continue to function within a secure environment. It’s the dual challenge of managing both productivity and security,” says Swinwood.
David Joyce, vice-president of customer solutions and delivery at Bell Security Services Inc. (BSSI), echoes Swinwood’s sentiments: “The holistic approach is really the only way, in our opinion, that a company can look at its security posture. In the olden days, a company would install a firewall and then breathe a sigh of relief. People took a fragmented approach in the past. But It’s the total security approach that we’re strongly putting forth in the market and it’s been well-accepted by many of our large customers.” BSSI recently partnered with Algonquin College’s School of Advanced Technology to strengthen the College’s one-year, post-graduate certificate program for Information Systems Security (ISS) in an effort to play a role in developing the specific skills it needs.
How does an IT security program deliver holistic training? Claude Brul