The 2012 InformationWeek Salary Survey shows that security is one of the hottest sectors of the IT job market. But discussions with IT security pros suggest that they are, for the most part, considered a necessary evil by the rest of their organizations.
Even with the harsh glare of high-profile data breaches, recently intensified by the Anonymous hacktivist collective, IT security professionals often find themselves having to defend their group’s mandate of defending the organization. Their efforts are often construed as a disruption to business operations, rather than a strategic element. “I feel like Don Quixote sometimes,” said a senior information security analyst with a community college district. “There’s lots of cooperation and collaboration with IT, but [some in the organization] think I’m a pain.”
He said the vulnerability assessment and penetration testing he does to check for security holes are seen as disruptive to operations, and he’s often restricted to running these tests on holidays. “I get flak for pointing out they have a problem,” he said.
In one case, for example, he was chastised when an unpatched and misconfigured device knocked several switches offline during a vulnerability assessment. “The reality was that the switch was not patched, and it was vulnerable because it was misconfigured,” he said.