This is targeted specifically at the titles 'security architect' and 'security engineer', but these are frequently filled by people we would consider senior sysadmins (or at least I think they should be :-)
David Lang

from the SANS newsbites e-mail

--Security Architects and Engineers Seek Higher Standards of Professional Qualifications
(May 12, 2010)

Do you have anyone in your organization called a security architect - or security engineer or IA architect or engineer? If you do, you might find it useful to know that only about 30% of the people holding those titles have substantial security architecture or engineering knowledge. The rest do not know the key questions that seasoned security architects and engineers ask, they cannot do quick and reliable risk assessments, they do not have models of successful designs nor do they have the examples of failures nor the rest of the body of knowledge that defines an engineer or architect. They were able to take the titles because few employers knew what a good security architect or good security engineer needed to know. Worse still, some government security organizations completely devalued the titles by certifying people as security engineers and architects if they knew federal regulations and project management even if they had *no* technical security talent at all.

The bar for holding those titles is now rising. A consortium of organizations where security architecture matters (you can guess which ones they are) is meeting the last week in May to provide a foundation for the missing body of knowledge and to begin the national consensus building project that will lead to a trusted designation as a security engineer or architect. If any of the people who work with you are really good security architects or engineers (even if they don't hold those titles) please encourage them to come to the kick-off meeting that will launch the national consensus-building project. And if some people want to be really good but haven't yet been connected with the network of seasoned architects and engineers who can help build their skills, they can come too, to learn and help make the work accessible.
Information: http://www.sans.org/security-architecture-summit-2010/