Computer security professionals have the toughest job in the world. We have to be as smart and creative as doctors and engineers, but our field changes even faster.
Each month, I read 20 security-related magazines and one or two books; each day, I check out at least an hour or two of security-related news or blogs. I read computer security articles not only in the bathroom, but also while getting my hair cut and waiting at traffic lights in my car. I take any free opportunity to learn more about my field. I know I'm not alone. Heck, if you're reading this, you may be a security geek yourself.
The hardest part of being a computer security professional is figuring out what you have to know for the next phase of your career. You're only as good as your last two years, and in two years another technology always comes along to replace the one you know all about. You need to re-invent yourself and your career every 24 months.
The question then: Where does security go from here? Well, when it comes to the big paradigm changes, the writing on the wall has been visible for a while.
Like, you know, the cloud -- for better or worse, many companies are searching for "cloud security experts." At the very least, security pros need to bone up on the cloud architectures employed by the big three: Amazon, Google, and Microsoft. How do they work? How does their security work? What are the weaknesses? Diving deep into this area can go a long way. Help your company with the security side of the cloud transition, and you'll long be remembered. For an indispensable resource, check out the Cloud Security Alliance, which even offers certifications.
If you're a programmer, make sure you become an expert in all the hot languages in our Web-focused world. Figure out which scripting languages are likely to be running on most of the world's Web servers. Will Java still be around in 10 years? How about C (and all its derivations), Python, PHP, Ruby, and Perl?
If you're a programmer, but behind the curve on your SDL (security development lifecycle) skills, get up to speed now. Microsoft's SDL website is an excellent source, containing thousands of pages of free documents and tools. The Carnegie Mellon Software Engineering Institute offers world-class training and education on SDL and many other programming topics. If it were up to me, I'd also make sure that I'm using only languages that make it easy to incorporate SDL to create mobile-centric applications -- which leads us to our next topic.
How much do you know about mobile security on the mobile platform you expect to take over the world? Do you know a little bit or are you a master? Most computer security pros I know can secure the hell out of a desktop or server, but can't tell you the basics of how security -- or the lack thereof -- functions on today's most common mobile platforms. Don't wait any longer to understand mobile security and forensics. The time is now.