This is just a stupid rant.
I'm a network engineer that's a little frustrated, I have to manage new network connections into the core network and obviously support their existing infrastructure while still doing what I can to insure that their network remains secure, not to mention the core network.
So far it's mostly T-1, VPN and MPLS connections just for context.
So, I'm a network engineer but now I need to also be a network security expert. I will admit I have dabbled in it in a mixture of interest and survival, I love snort and base and mysql on linux.
It has been very useful but it's always in forensics with something that has already happened.
I was looking at a job add today that I thought was interesting, I think it kind of shows that IT folkes either have to "get more specialties" or they are going to fall behind.
I think that specializing in networking or in user support or in network security is going to fall by the wayside. The next hot thing is an expert in all these fields.
I don't think it can be done by an individual company, they just cant afford the folkes that it would take. One company that I worked for had IBM (OS-390), Solaris and Red Hat on the front end and mssql on the backend and we are supposed to keep up with that how?
Anyway, here are the job requirements (perhaps a glance into the future so study up slackers).
* Application Integrity
* Business Continuity Management
* Identity & Access Management
* Infrastructure & Operations Security
* Privacy & Data Protection
* Security Management
* Vulnerability Management
Job Duties:
* Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
* Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement
* Understand complex business and information technology management processes
* Execute advanced services and supervise staff in delivering basic services
* Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
* Understand clients' business environment and basic risk management approaches
* Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
* Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
* Generate innovative ideas and challenge the status quo
* Build and nurture positive working relationships with clients with the intention to exceed client expectations
* Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services
* Identify opportunities to improve engagement profitability
* Participate in and actively support mentoring relationships within practice
* Excellent potential for 1) playing lead role in designated tasks of the project team in gathering, organizing and analyzing data; 2) making major contributions in assuring products/deliverables meet contract/work plan and; 3) strong potential for growth and acceptance of additional responsibilities
Required Skills:
* 5+ years of experience in developing, implementing or architecting information systems
* 3+ years technical architecture experience integrating identity and access management software into clients' infrastructure and applications
* 1-3 years experience in managing deployments of at least one identity and access management product such as: CA/Netegrity SiteMinder/IdentityMinder, Oblix NetPoint/COREid, IBM Tivoli Identity Manager and/or Access Manager, Sun Identity Manager and/or Access Manager
* Experience developing identity management strategies, architectures and implementation plans
* Experience managing projects through the full system development lifecycle
* Some experience with at least one of the following development environments/languages: J2EE, Java, JavaScript, .NET or C#
Desired Additional Skills:
* Identity Management familiarity in one or more of the following areas:
o Single Sign On
o Enterprise Directory Architecture and Design including directory schema, namespace and replication topology experience
o Resource Provisioning
o Role Base Access Control
o Java development
* Familiarity with BEA WebLogic, IBM WebSphere or Tomcat
* Experience with one or more directories such as Active Directory, IBM Directory Server, SunONE Directory Server and Novell e-Directory
* Familiarity with: major operating systems such as Microsoft Windows and Unix; mainframe security packages such as TopSecret, ACF2 and RACF; and/or leading packaged application solutions for ERP systems, CRM systems or portals
* Working knowledge of virtual directories such as Radiant Logic and OctetString
* Familiarity with federated identity and web services security concepts such as SAML, Liberty ID-FF and ID-WSF, WS-Federation and WS-Security
* Familiarity with web services security and management tools such as: Actional, AmberPoint, Digital Evolution, Reactivity and Vordel
* Experience leading business requirements gathering and translating those into system requirements
* Experience facilitating business process design as it relates to managing identities and access privileges
* Experience developing identity management governance plans
* Understanding of current regulatory environment and related implications to identity management and security/audit compliance
* Prior Big 4 or leading system integrator experience
Qualifications:
* BA/BS Degree in Business Administration, Computer Science, Engineering, Accounting or Information Systems
* Strong oral and written communications skills
* Strong potential for growth and acceptance of additional responsibilities
* Ability to take a broad view of his/her position and take initiative to communicate, interact and cooperate with others
* Demonstrated ability to write report segments and to participate in presentations
* Open to travel requirements
* Ability to work as a member of a team and independently
