PHOTO - Wilson Wong is the managing director of EC-Council Asia Pacific.
Which came first? Malicious hackers or information security experts?
After seeing countless information technology systems deployed and millions of dollars spent, I'm of the opinion that malicious hackers arrived on the scene first. Often systems and frameworks were put in place with little or no security measures.
Yes, information security awareness has increased in recent times, but that awareness came with a price - loss of customer data, trust and company reputation is often the currency.
In the near future, compliance regulations will be put in place to protect organisations from cyber attacks. They will be required to meet certain information security standards. But, like all standards, it's not the black and white that truly works; it's the people behind the implementation.
What about firewalls and anti-virus software? Aren't these systems supposed to keep intruders out? If regulations are to be put in place, won't software vendors be able to come up with suitable systems to meet the regulatory requirements?
According to Frost & Sullivan, the number of information security experts in 2010 was 2.28 million. The figure is expected to increase to an estimated 4.24 million by 2015. It's safe to say this is one instance where technology will not be replacing the human brain anytime soon.
(Information security experts call themselves by a variety of titles, ranging from chief information security officer to ethical hackers - for the sake of consistency, we'll just call them information security experts here.)
I think we've come far enough without needing to define information security, but in a nutshell, I'd call information security experts the gatekeepers of an organisation's network, information systems and technology framework.
But what does it take for an information security expert to, well, be an expert?
2. The ability to think like a hacker
That's it really. Bet you were expecting a much longer list.
Certification will help any budding information security expert stay competitive among their peers. Updating your certifications will reflect your passion for being the best at what you do. Professional bodies for accountants, project managers and corrosion engineers require their professionals to be certified - why should information security be exempted?
It assures employers that you possess the necessary knowledge and skills to put in place and manage their information security framework and that you have the ability to deploy countermeasures.
It's not just a piece of paper. It's going through vigorous, technical training where you'll learn the types of exploits, vulnerabilities and countermeasures. Lab-intensive classes will expose you to the essential security systems, penetration testing, intrusion detection and the list goes on.