Wanted: Network security administrators
The roots of the new job title stem from the evolution of the network administrator's job, according to Randy Nelson, president of the Wendover Group, an executive search firm specializing in technology in Houston. (Nelson formerly worked as an interim CIO.)
Nelson guesses the title was coined a couple of years ago. "It's so new that most companies have yet to clearly define its responsibilities," he says. Making things more complicated, many companies have their different titles for the same job.
Job titles aside, the network security administrator position is a logical step up for network administrators. Nelson explains, "Today's hot specialties are tomorrow's commodities. That's how most technology jobs evolve." It also explains the need for network security administrators who have advanced security, analytical, and problem-solving skills.
In the early to mid-1990s, network administration was a "hot specialty as companies migrated from mainframes to the client server environments," Nelson said. Initially, network administrators were concerned with LANs, security for data, disaster recovery plans, and back-up procedures. The Internet added a new dimension to their jobs. "They had to be involved with WANs and understand security technologies, virus control, and the appropriate use of IT within an organization," explains Steve Dippold, CIO of Teradata (division of NCR), a technology consulting company in Dayton.
On a higher level, "there were new priorities which revolved around security because companies began to open up their infrastructure to third parties," Dippold adds. "Security and performance became more important in terms of making sure networks were performing well and were secure. To achieve those ends, an understanding of encryption, firewalls and intrusion, and detection technologies was essential. Protecting data--an enterprise's most important asset--became more critical than ever before."
How do you get to be a security administrator? Nelson says, "You must be a qualified and experienced network administrator before you can be a network security administrator."
Not necessarily, argues Dippold. That's only one route to the job. Teradata employs 15 network administrators and three information security coordinators, a senior high-level executive job requiring a host of skills, one of which is network administration.
Teradata's average security administrator has at least 12 years of varied IT experience. "They've come up through the ranks and held a variety of IT positions, such as programmer, UNIX or network administrator, and project director who has led large departments," Dippold says. "They're typically generalists who didn't plan on concentrating on security." Teradata's network administrators have three to five years of general IT experience.
Dippold's network administrators focus on the day-to-day operations of the network, whereas security coordinators are involved with emerging technologies and finding ways to introduce new systems to either improve productivity or reduce the cost of infrastructure. Generally, they're concerned with the use of information technology within a company.
Pay? Experienced network administrators command between $50,000 and $70,000. The senior jobs of security administrator and information security coordinator usually start at $100,000, Nelson said.
How do you get to be security administrator or coordinator? Working your way up through network administration ranks won't do it. A solid IT education is essential, says Dippold. At the entry level, he looks for candidates with computer science or IT degrees with an emphasis on data warehousing and data management. "Before you look for a job, you ought to know how networks are administered and put together," he says.
Nelson suggests pursuing large companies with internship programs. "That's a good way to deal with the catch-22 [of] no experience, no job," he says.
Once employed, Dippold advises getting a broad range of IT experience, rather than getting stuck in a niche for several years. And stay on top of security technology.