Security Careers: The Renaissance of the CSO

We live in the present but work in the future. And security officers can’t just react to yesterday’s and today’s problems; they must also avert tomorrow’s. Some of this predictive security will become specialized enough to turn into new types of jobs or, at the very least, certified skills.

Comprehensive formal security training hasn’t become mainstream, but it will. Today’s security officers learned from on-the-job training and a sprinkling of specialized certificate programs. The security expert of tomorrow, however, will have to be an expert in a variety of trades.

Familiarity with computer systems will be a given, as it is today. But predictive security is broader than “rounding up the usual suspects” after a crisis. It’s more akin to law enforcement profiling. Knowledge of psychology, familiarity with other languages and cultures, and strong interpersonal skills will be crucial components for these security seers. Like cops, they will have to develop a sixth sense for wrongness, whether caused by odd employee behavior or the way that the lights on the router are blinking.

In this new era, the job titles will be different too. Instinctual counterintelligence professionals who specialize in penetration assessments and honey pots will be in demand to establish a first line of defense. The technique behind catching criminals will be secondary to understanding where to set the trap.

Online profilers, like their contemporary law enforcement counterparts, will study the obstructions that human beings create in the orderly flow of cyberspace. By studying employees’ and customers’ behaviors, the analysts will be able to anticipate virtual and physical risks and dangers.

Another type of work will be data archeology, or the excavation of buried information. At its simplest, this process will examine physical devices for hidden digital goods. For instance, my USB watch has enough storage on it to shelve two or three novels, and it would be a great way to smuggle trade secrets out of a building. At a deeper layer, data archeology will entail differentiating between meaningful information and white noise in a data stream, or rooting out messages concealed inside other content.Reconstruction of an attack currently requires data forensics experts, but their effectiveness will be augmented by a new breed of auditors charged with tracking the history and disposition of all electronic corporate information. Companies will have to ensure that information is erased at appropriate times and that covenants that are attached to customer information stay permanently linked to those records. This will be the only way to be verifiably compliant in the evolving world of global privacy regulation. The detailed analysis of log files and examination of records generated by data auditors will also help close security holes.

There will also be data exterminators who will track down every cloned copy or subset of a file and purge it. That is harder than it sounds, yet for a CSO whose company would otherwise spend eight months in a courtroom defending itself against damaging e-mails or files hidden within the network, it’s a priceless service. This includes the “Wall Street Special,” or deletion of old e-mail as soon as it is legally permissible. A less technical but equally critical function will be the disk destroyer. Studies have shown that three out of four junked computers have data on them. Savvy companies will insist on internal degaussing and outright physical destruction of unused disk drives. Lest we forget, several of the incriminating notes that Monica Lewinsky drafted to President Clinton were never sent. They were recovered from deleted areas of her computer’s drive.

The mundane chore of security by interdiction is morphing into the more difficult task of security by imagination. If the enemy can think it, they can almost certainly do it, and the security officers of tomorrow will have to branch out their skills in all of these areas to keep pace. N