Defenders of the web unite

By VIKKI BLAND

As spam, computer viruses and other internet security issues continue to affect businesses worldwide, employers are beginning to value IT employees with honed IT security skills and expertise.

Evan Lyon, enterprise architect for manufacturing giant Carter Holt Harvey, says although he spent eight years at CHH and 20 in the IT industry, security became a focus of his job relatively recently.

"Business awareness of security issues has increased in recent years," he says.

Lyon, who has a computer science degree, describes himself as a control freak - not a bad personality trait for someone who, along with other duties, creates security strategies for CHH's wider IT team.

He says while organisations often use outsourced providers for the all-important but often mind-numbing task of patrolling electronic perimeters, the goal of any IT security team should be to deliver an IT service that people don't have to worry about.

"Good security is more proactive than reactive. It's like the book by [former Intel CEO] Andy Grove - Only the Paranoid Survive," says Lyon.

According to the MIS Top 100, CHH is the 14th-largest user of information technology in New Zealand, with 5500 computers and some 1300 laptops.

As laptops connected to wireless networks or taken home for interaction with personal PCs cause many organisations unique security headaches, it is not surprising Lyon says all members of an organisation's IT department should be security-savvy.

"Security knowledge should be baked into every IT team member."

So what should an IT graduate interested in a career as an intrepid cyber patroller be doing to impress a future employer? Lyon says an inquiring mind, the ability for structured problem solving, and fundamental understandings of the core components of security are basic starting blocks.

"They need to understand authorisation, authentication, non-repudiation, and confidentiality. In an interview I would be asking these kinds of questions," he says.

He recommends graduates upskill through ongoing web research.

"You get a lot of attackers, so it is hard to be a defender. You need to keep your eyes open and read widely to stay up to date with changes."

However, he warns "security nazis" without business acumen not to enter the delicately balanced area of IT security.

"A true security professional has to deal with the ambiguities of balancing business risk with the [reality] that security technologies reduce business workflow flexibility. I often see IT people who don't understand that trade-off."

In other words, security hopefuls need the nous to make security strong enough to keep the wrong people out but not so annoying that the right people won't use it.

The good news for those who get it right could be an above-average pay packet. Lyon says top enterprise architects with security strengths can attract salaries of between $100,000 and $150,000.