Digital Security: Pay, Prospects, & Trends

[trollcast]

How big / employable is the field for digital security at the minute and what's the sort of trend for the future looking like?

Is the pay similar or above / below average to most other computer science / engineering jobs?

Its just that the security modules are one of the main differences between 2 courses I'm looking at and I'm sort of interested in the field but wondered what its like for realistic prospects.

 

[MathWarrior]

Most of these questions are easily answered when checking a site like http://www.onetonline.org/. I would say the pay is likely below that of a computer science/engineering field but considering they are very similar, you might be able to go either way.

 

[JakeBrodskyPE]

I presume you're talking about computer security. If not, please ignore what I'm about to write.

This field is growing rapidly; however, like safety system engineering in the 1960s and 1970s, it is not a study that you can pursue in abstract on its own. It is something best studied with other fields, such as accounting, engineering, software design, hardware design, and so on. Security is not something you can bolt on after the fact. It needs to be designed into each and every thing that needs it from the start.

So, you ask does it pay? Well, it does, but the income isn't particularly stable for many practitioners. Job stability is often not very good. This is one of those positions where you often have to explain to people that their emperors are prancing around buck naked in public. Human nature being what it is, people don't like hearing such news and they often shoot the messenger.

But is it fun? Many who practice it really love what they do. You might too.

 

[elkement]

How big / employable is the field for digital security at the minute and what's the sort of trend for the future looking like?

Is the pay similar or above / below average to most other computer science / engineering jobs?

I have worked as an IT security consultant specialized in implementing and designing Public Key Infrastructures for 10 years. In my opinion security is "hot" and the pay is above the average of other IT / CS jobs. I believe it is important to become an expert in a sub-field as "security" is a very broad field.

I am from Europe so take this with a grain of salt. However, I mainly worked with international clients, so I think there is a demand on a global level.

The main drivers in my point of view are 1) new types of "cyberwar" attacks (think Stuxnet) and 2) requirements related to "corporate compliance" in general. While 1) is very exciting, 2) is not necessarily so ;-) (my personal bias)

I cannot provide any advice on courses etc. as I am a physicist with zero formal education in security - I entered the field at a time it was very open to people with any technical background, and I managed to gain quite a reputation in the PKI community in my country.

However, I still believe IT and in particular the "hacker community" value experience way more than any formal education. E.g. Ralph Langner, one of the main decoders of Stuxnet and renowned industry expert in industry control security is self-taught and a psychologist by education.

 

[JakeBrodskyPE]

I cannot provide any advice on courses etc. as I am a physicist with zero formal education in security - I entered the field at a time it was very open to people with any technical background, and I managed to gain quite a reputation in the PKI community in my country.

However, I still believe IT and in particular the "hacker community" value experience way more than any formal education. E.g. Ralph Langner, one of the main decoders of Stuxnet and renowned industry expert in industry control security is self-taught and a psychologist by education.

Ralph Langner has known me for years. Most people who study industrial control security stumbled into it by accident. I stumbled into it by accident. So did Ralph. We are all very conscientious people who realized that there was a big gap in understanding between the fields of control systems design, and IT security.

Some of us stumble in from the Engineering side of things, and some of us get into it from the IT side. However, there are no formal courses in universities that cover this subject and there really isn't any way to get experience besides getting dirty and doing it. In fact, control systems engineering itself is quite uncommon in most universities and very few of them can teach you anything about how a SCADA or DCS is designed or protected.

My point is to learn to follow your muse and if you see a need that you think you can fill, do it. Though we might wish otherwise, you can't learn everything you need to know from a university.