Tuesday, August 26, 2008

What makes a security consultant an expert?

Good security experts are different characters from people in other engineering or Information Architecture roles. The qualities that matter for security set them apart from others rather than making them indistinguishable.

Security experts are always interested in security across a broad spectrum that goes well beyond IT; professional information security, at every level, demands “thinking outside the box”.

A security expert always takes the initiative to find the answers to security problems without guidance and sets the agenda based on threat priorities. 

Information security falls outside defined policy, because the job revolves around preventing, investigating, and responding to incidents where policy has failed.

A security expert’s work involves investigation, assessment, troubleshooting, abstract thinking, problem analysis, and understanding the security principles underlying particular events.

Security works best when it is part of the architectural design of a system, when it is the very basis for policy, and when it limits the errors of everyday work. 

The best security experts have an unconventional mindset and perspective rather than memorized standards of “industry best practices”. In fact, the most important lessons to be learned about such practices are their flaws.

Read Chad Perrin's thoughts on hiring security experts at http://blogs.techrepublic.com.com/security/?p=551&tag=nl.e036
