Re: researching job of "security auditor"

From: Todd H. (comphelp_at_toddh.net)
Date: 12/14/03

  • Next message: Shannon Appel: "[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1"
    Date: 14 Dec 2003 16:23:05 -0600
    
    

    walterbyrd@iname.com (walterbyrd) writes:

    > What qualifications are generally required?

    Varies. A knowledge of network security, TCP/IP, what a firewall
    does, knowledge of multiple operating systems, and common exploitation
    techniques are the general qualifications.

    There are various certifications out there CISSP, and the like, but
    I'm not sure many are looked as must-haves for entry level security
    positions.

    > Who hires security auditors?

    Varies. The need is arguably pervasive.

    > Do most work as consultants, or regular employees?

    Varies.

    > How long does a security audit generally take? Is it usually done by
    > one person, or a team?

    Varies based on scope of project.

    > Is there much demand for security auditors?

    Yes, I'd say. Increasingly so. IT security issues are going to get
    worse before they get better. Companies ignoring security do so
    increasingly at their own peril as additional large software
    vulnerabilities in widely deployed applications are found, as attacks
    get more sophisticated and malware writers increase the complexity of
    their techniques.

    > Any other information you could provide would be helpful.

    These are hard questions to answer since they're fairly broad.

    -- 
    Todd H.
    http://www.toddh.net/
    

  • Next message: Shannon Appel: "[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1"

    Relevant Pages