Hot money makers for 2008
If you're a consultant wondering where 2008's billable hours will come from, the answer lies in the continuation of last year's key trends in big firm consulting:
- vulnerability and threat management;
- security monitoring;
- identity and access management;
- continuity of operations; and,
- security awareness development.
Since these are all different labels for selling the same basic action set consisting of PC lockdowns, user audits, and threats; almost any resume can be modified to show your expertise in one or all of those areas.
Ever set up (or just walk past) a SAN? Can you say "full disk cryptology" and "compliance and safe harbor provisions" ? Great, you're clearly qualified as a storage security analyst of proven expertise. Know how to reboot your laptop from a usb thumb drive? ever mail one to yourself or backup to your google email account? Ok, can you say: "virtualized, role based, storage life cycle management"? "iscsi remote access services"? and "virtualization adjusted thin provisioning"? - Yes? ok, you're obviously an expert on continuity of operations.
Nothing hard about this, is there? - just remember: as long as the clients don't know squat about this stuff either, it's the Powerpoints, and only the Powerpoints, that count.
There's a truth here too - I don't know if you want to know, but just between us: Wintel networks can't be secured - Microsoft can't do it, the British National Health can't do it, the U.S. Navy gave up on trying - it can't be done. Your success as a consultant on this stuff will depend on where the attackers choose to go, not on what you get the clients to do. They go elsewhere, you look good. Period. It may sound cynical, but it really is as simple as that - so go ahead and play the odds, because, you know, as long as there's a Microsoft, you'll always find other clients.