Role of security professionals morphs quickly
The threats to a company' network continue to morph, getting more sophisticated every year.
The role of security professional therefore has to change to keep pace, and there was lots of change in 2012. The rise of Advanced Persistent Threats, the rise of more sophisticated malware, the trend toward bring-your-own-devices and the rise of cloud computing all pointed to the need for new security skill sets.
Infosecurity Magazine notes that, "As a result, security professionals must evolve into advisors. Information risk management, furthermore, is not the only new tool they must add to their arsenal; security professionals also need to master governance and compliance, privacy, metrics and data analytics, and business consulting skills. Protecting information no matter where it is located requires a fundamental shift in focus. Information security professionals who are accustomed to concentrating on technology need to switch gears and focus on business processes and data. Both cloud computing and mobile devices are driving this transition, demanding that security professionals spend more of their time on governance and providing advice to their organization than on direct operational responsibilities for cloud and mobile environments."
When you get right down to it today, the essential skill is risk management. The real goal isn't to prevent every breach but to minimize the risks to a manageable level. Increasingly, this entails interacting with people across the organization. In some ways, it is starting to seem less and less like an IT job and more of an advisory-type job.
- here's the article