Source: CBSI & #8211; Claudio Florenzano
Revolutionary technologies such as cloud services, digital currencies and the Internet of Things have made companies and governments more open and connected - but also infinitely more vulnerable to threats.
In this new world, where information leaks and hacking hacks have made recurring headlines in the news, one type of IT professional is increasingly attracting employers: the information security expert.
Without a workforce capable of protecting data confidentiality and confidentiality, today's society would likely collapse, says John McGlinchey, global vice president, CompTIA (Computing Technology Industry Association).
"There is no market that doesn't need an IT infrastructure, and that infrastructure needs to be secure," the executive tells EXAME. "That's why information security workers will always have a job, and anywhere in the world."
According to McGlinchey, today there is no more division between tasks within the IT department in companies: everyone works somehow with cybersecurity.
After all, the complexity of the infrastructure, regardless of company size, requires professionals with a minimal “arsenal” of attack prevention skills.
“What will differentiate the professional is to have one or more certifications,” says CompTIA VP. This even appears in salary: who is certified in the area earns between 10% and 40% more than who is not.
The enemy comes from outside
The professional in this area has not always been so valued. Over the past decade, information security concerns for companies were much simpler, as threats often came from within their own environment.
“The focus was to prevent employees from entering malicious websites or inadvertently getting viruses from one computer to another with a USB stick,” explains Diego Mariz, IT Division Manager at Michael Page consulting.
With the evolution of technology, information has, on the one hand, concentrated much strategic value and, on the other, be more accessible to outsiders.
The biggest problem was no longer the infected drive, but the possibility that an attacker from anywhere in the world could steal passwords, disclose sensitive data and severely disrupt internal operations and processes.
In Brazil, where some data protection “innocence” still prevails, most companies and governments are still relatively vulnerable to attack - which reinforces the fact that the market's potential for expansion is far from being exhausted.
Who is the most sought after professional?
In his travels in Brazil, McGlinchey always hears the same comment from multinationals, startups, consulting firms and universities: the country suffers from a severe shortage of IT talent.
"It is estimated that the Brazilian market today has half a million vacancies for lack of qualified candidates," he says. "Remember, being qualified doesn't mean having a college degree, but being able to start a job and do the job on the first day."
From a technical standpoint, says CompTIA VP, you need to have a solid foundation in infrastructure, but also know how to use the latest threat-fighting tools, such as Advanced Persistent Threat (APT).
According to Mariz, mastery of these skills is proven through certifications such as CISSP (Certified Information Security Systems Professional) and CISM (Certified Information Security Manager).
The practitioner is also expected to master best practices in the field, such as those provided in guides from the System Administration, Networking and Security Institute (SANS).
McGlinchey also points out that the employer-preferred professional has a business acumen, knows how to manage projects, and has basic knowledge of finance and accounting.
But it is because of the lack of certain behavioral skills that companies often find it difficult to fill vacancies. “The best jobs go to those with relationship, communication, leadership, and teamwork skills,” says Mariz.
