So, I have been thinking a lot recently about the future of cyber security professionals. Some of you may have even seen me posting ideas on LinkedIn. One of my contacts, Kandy Zabka posted a comment that really struck me. In essence, what she said is that we need a new class of specialists: Security Designers.
When she first posted the comment, I liked it, but the more I thought about the term, I think she is exactly right.
The simple fact is that we have many people in IT Security that are very good at what they do. They have all the certs, worked for all the great companies, and have years of experience. However, the world is asking for more.
Don’t get me wrong, we still need spyware experts, security architects, antivirus and firewall gurus… but I think we need more than that. All of these roles play within their respective sandboxes. I envision a Security Designer as the person that not only moves from sandbox to sandbox, but is the person trying ideas that other may consider completely off the wall. The Security Designer isn’t thinking about the building blocks of security, but is thinking about what else can be done with those building blocks… and what other (non-security) building blocks might be out there that can be used to enhance security. The Security Designer isn’t thinking about how to lock more down, but why does it need to be locked down in the first place… and when something does need to be locked down, that person is jumping on new ways to protect. Remember, the easiest way to win a fight is to avoid one in the first place.
Tell me what you think. Do you think we need a Security Designer role? If so, what would they do?