Slim pickings for an IT gourmet

[InfoSec News <isn () c4i org>]

http://www.smh.com.au/articles/2002/08/13/1029113885156.html

By Nathan Cochrane
August 13 2002
Next

Raymond Key knows a lot about information security management and
Chinese food. Since arriving in Australia from his native Hong Kong
eight years ago, the 42-year-old has discovered Australians' taste for
Chinese food has matured markedly. The same couldn't be said for
Australia's approach to computer security.

Despite being one of only about 40 certified information systems
security professionals (CISSPs) in the country - qualifications
apparently in such short supply it is on the Federal Government's
Migration Occupations in Demand List - Key, a father of two, has been
unemployed since January.

He would like to join a small company, even on a lower salary than he
commanded in the United States, and work his way up.

"I don't need $100,000 (a year),'' he says. "I'm flexible on money.

"I'm going to start looking at jobs in other states. I've tried to
stay in Melbourne because I've got children and my boy is in year 3
and to move around is very tough. If I have to take a job in Sydney or
Brisbane I would move there myself."

It's not that Key doesn't have relevant experience or other strings to
his bow - he's also one of few Cisco-certified Internetworking
experts, a top-level certification that requires a practical exam.  
And, before leaving Hong Kong, Key led a team of 30 in a $HK90 million
project to modernise the information infrastructure and security of
the Royal Hong Kong Police Force.

He returned to Australia last year after a stint working on a US H1B
visa for a Cisco partner in North Virginia, home to more spooks, geeks
and phreaks (phone hackers) than anywhere else on the planet.

Being an out-of-work IT specialist is not news. There are thousands of
professionals scouring job ads and talking to recruiters looking for a
place or working for much less than they once earned. What is unusual
is that, despite the rhetoric from government and business about
becoming more security conscious, not even Key's impressive resume can
persuade an employer to hire him. It must make every malicious hacker
smirk.

His recruitment consultant at Hays IT Personnel, Paul Rowley, is
baffled by the unwillingness to hire security architects. "With
Raymond, I've gone out of my way because he has this unusual
certification that on the face of it people would want," Rowley says.  
"It's been amazing the lack of take-up."

Rowley and Key hope increasing awareness of CISSP will turn things
around before Key's savings evaporate. The family is living off the
proceeds of its US home sale.

"The certification is primarily for those in security consulting and
is also a well-recognised credential for chief security officer, a
role in organisations that has yet to take root here but has been
established in the States," says Dimension Data business manager and
fellow CISSP, Tim Smith.

One of the problems with the CISSP exam is that it is very broad,
covering areas such as security in buildings and even how many fire
extinguishers a data centre should have. It covers a lot of ground but
not in any great depth. It is focused on the needs of US government,
business and military.

The attitude to employing security professionals can be likened to
Chinese cuisine.

Australian employers have such a rich field of unemployed talent they
can choose the skills they want like yum cha delicacies on a trolley.  
They want a little bit of everything, don't want to commit to any one
flavour, in a meal that is served quickly. Employers like it this way
because they can get a project up to speed immediately.

Key, and thousands like him, are like a Chinese banquet that takes
time to appreciate.

Key says security-related work is now being handled mostly by staff on
the ground who may not have adequate training. Seldom is someone
directing security policy at a senior level.

"Security comes into every aspect of IT," Key says. "If I take someone
to design a big application architecture, I would be more than happy
if they have CISSP because they will consider within the application
environment and functionality and features the security risk."

The decision by the Immigration Department to add CISSP qualifications
to its list may be a burden as well as a blessing. As more CISSPs
arrive and take more senior positions, it may become easier for
security professionals to find jobs, he says.

"If you are talking about: Do we need to let more highly qualified
specialists migrate to

Australia in general?, we better stop for a while, because even I
can't get a job," Key says.

"But (as to) who these guys should be and what attributes they should
have, then CISSP should be there."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.