Inside Intel, part 2: The future IT security workforce
What will the information security department of the future look like?
By Bob Violino
October 17, 2012 — CSO —
The future workforce will look somewhat different than the current workforce, according to Alan Ross, senior principal engineer at Intel.
IT security functions will likely change because computing itself is changing so much—and Intel is at work preparing for the new security landscape.
"Our compute models have evolved along with our users' expectations; we are no longer in the compute paradigms that [built] the environment we have today—or a few years ago," Ross says. "Cloud computing, consumerization, BYOD [bring your own device], application development and transparency of information have put us at the point where we need to shift the focus of our IT strategy and architecture."
[See part 1 of Inside Intel: The evolution of IT security]
Even while shifting their focus to these new areas, organizations must continue to build on key security issues that are important now, including business intelligence, application security, data protection, identity and access management, and infrastructure.
"Based on these key focus areas and the combination of the threat landscape, legal and regulatory environments, and new compute models, we see some new focus areas emerging for the security of the workforce," Ross says.
These emerging areas and job functions include security data scientists who will work with big data, visualization, correlation and prediction tools; privacy technologists who will focus on using technology to ensure that privacy laws and policies are being met; user experience professionals who will focus on how security affects the way users interact with systems; and application security experts.
Application security "is redundant to the key focus areas, but we see this area changing most rapidly and a skill gap here," Ross says.
Intel is preparing for these changes in the workforce by developing a security data scientist curriculum, and will begin training interested employees in making the transition. "We are also cross-training technologists on privacy so they can begin to make the change for us toward a privacy-technologist competency," Ross says.
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
Database security: At rest, not at risk
IT risk assessment frameworks
How to do end-to-end encryption
Also find sample data protection policies in CSO's tools, templates and policies library
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs
- Content Analytics Explained
- Attacks from China: A survival guide
Chinese cyberattack activity is back in the news this morning, with new details emerging on new attacks. Here's a collection of stories to help infosec pros better understand the threat. - #FFSec: Infosec pros who bring value to Twitter
- B-Sides Boston is Saturday
More Salted Hash with Bill Brenner
