Re: researching job of "security auditor"
From: Todd H. (comphelp_at_toddh.net)
Date: 14 Dec 2003 16:23:05 -0600
firstname.lastname@example.org (walterbyrd) writes:
> What qualifications are generally required?
Varies. A knowledge of network security, TCP/IP, what a firewall
does, knowledge of multiple operating systems, and common exploitation
techniques are the general qualifications.
There are various certifications out there CISSP, and the like, but
I'm not sure many are looked as must-haves for entry level security
> Who hires security auditors?
Varies. The need is arguably pervasive.
> Do most work as consultants, or regular employees?
> How long does a security audit generally take? Is it usually done by
> one person, or a team?
Varies based on scope of project.
> Is there much demand for security auditors?
Yes, I'd say. Increasingly so. IT security issues are going to get
worse before they get better. Companies ignoring security do so
increasingly at their own peril as additional large software
vulnerabilities in widely deployed applications are found, as attacks
get more sophisticated and malware writers increase the complexity of
> Any other information you could provide would be helpful.
These are hard questions to answer since they're fairly broad.
-- Todd H. http://www.toddh.net/