|
You
could probably call them the select sentinels of the New Age. The
newest breed of professionals handling the toughest and the most
sensitive of all tasks—warding off all threats to information
security. Only, they are no ordinary security pros, but highly trained
professionals, with commendable experience and expertise who also
command a premium price in the international job market. Enter the
era of security managers.
While
Indian companies hire hundreds of IT engineers, the concept of security
manager remains a novel phenomenon. Then, why the need ? “It
is in the overall interest of the industry to get a feel of the
idea. The existing knowledge level is not sufficient. Security professionals
today are aware of the threat but do not know how to tackle it.
There is no complete security solution,” says Rajeev Wadhwa,
chief operation officer, Global e-Secure. Industry experts have
been advocating the necessity of companies to hire specialists for
handling the real threats in an enterprise environment. The security
manager should be trained on various security trends and products
and possess credible experience of operating and running security
implementations on various operating systems and work environments.
One
of the distinctive advantages of hiring a security manager is that
being “an outsider” (who is not directly hired by the
company), he is not impressed by the position of the IT head as
far as the security aspect is concerned, that is the latter cannot
exercise his superiority. The posting is as per the agreement of
the e-security company with its clients to take care of the complete
security needs. “We will sign SLA (Service Level Agreement)
with organisations and provide them with complete security management
— application security, product deployment, firewalls, etc.
The security manager will be there to manage the complete SLA on
site,” informs Wadhwa.
The
candidate is educated to execute the job with complete backup of
his organisation. This is one particular reason why despite the
fact that security managers are also appointed directly by organisations
across the world, it is always preferable to hire them as a part
of an agreement with the company that is providing the complete
security solutions. Then comes the pertinent question of taking
guarantee of the security manager, which only an e-security company
can provide.
While
industry experts feel that with the gradual awakening in the Indian
scenario, organisations here will start hiring security managers
in the next six to eight months (starting obviously with the MNCs),
in the international job market these professionals are much in
demand, commanding a staggering annual salary ranging between US
$125,000 to US $175,000—almost double the price commanded by
other IT professionals. Global e-Secure has been training networking
professionals to take on the job of security managers for an international
clientele and has already sent out their resumes. “The significant
factor is that these are permanent jobs and are not project based,”
points out Wadhwa, remembering to add that these highly paid jobs
require a great deal of investment on training. Last year the company,
which pays an average salary of Rs 50,000 per month, had invested
Rs 87 lakh on training its professionals.
What
are the pre-requisites? “Three to four years of relevant experience
in managing networks and hands-on experience of one to two years
on enterprise applications in terms of implementation. He should
have also implemented a firewall for
network
security product. This should be coupled with six months of training,”
answers Wadhwa. The candidate should be CISA (Certified Information
Systems Auditor) certified, trained on various network platforms
and products, enterprise applications and possess special auditing
skills. Before being put on the job he should also be trained on
“ethical hacking”, which is actually the basic penetration
test. While age is not a factor, it is knowledge and skills which
are the determinants. Obviously, certifications are also necessary
for recognition in the international market.
“All
our people are certified by CISSP (Certified Information System
Security Practitioners) exam in the US, which we brought to India
for information system security. We have in fact been training them
for the job,” says VL Mehta, director-information technology,
MIEL
e-Security.
While the company has done some work for
organisations
in the US and Indonesia, it has already started tapping the Indian
market— the customers range from FMCG companies to banks to
industrial groups. Acknowledging that the professionals are paid
much more because of the demand-supply gap, Mehta points out that
creation of awareness is a necessity in this field. “In India
you will not have any organisation looking for security managers.
They don’t even have a budget for security. However, we have
been conducting lots of seminars and have got a fantastic response.”
A
specialised position, there is little career path if an organisation
hires a security manager directly. Constant updation of skill sets
is necessary, which can only be possible if he is working with an
e-security firm. Besides, training in this field is a costly affair
which only an organisation can provide. “We can put a security
manager two years onsite and after that put him on another job,
for instance senior production manager for firewall in our company,”
says Wadhwa. This is evidently not possible if an individual works
for an organisation directly, for a security manager once hired
will remain a security manager.
Deployed
at a sensitive task, a rigorous background check and thorough investigation
of previous track record is necessary. A person cannot fool around
with the resume, it is vetted and tested by a third party agency
and any bad reference means termination from the job. Evidently
those hired to maintain a foolproof system should have a foolproof
track record.
|
