Aaron Weaver works in the basement of his Pottstown, Pa., home making the Internet a little safer.
His skills as an information-security specialist are in such demand that his employer, Pearson Education, let him work from home after he told the education-publishing firm he wouldn’t relocate to Colorado when it recruited him.
With increasingly frequent reports of big companies such as Google, DuPont, GE, and Johnson & Johnson being targeted by hackers, the “infosec” career field is growing “as fast as online computing is expanding,” said Weaver, 33.
As new technologies spread, so do the security threats, said David Foote, CEO and co-founder of Foote Partners L.L.C., in Vero Beach, Fla., which conducts independent research on information technology jobs.
“It’s the blessing and curse of technology,” he said, adding, “It’s a slam dunk to work in security.”
In 2007, spending on security as a percentage of operational IT spending by businesses was 7.2 percent, Foote said. By 2010, it had increased to 13.5 percent.
Weaver, the married father of three, graduated from Bob Jones University in 2000 with a degree in graphic design, but was later drawn to computer science.
“To be quite honest, there wasn’t that much money in graphic design,” said Weaver, who was born in Quakertown, Pa., but grew up in Kenya.
As a security specialist for Pearson Education, a global publisher of print and online educational materials, Weaver works to assure the security of Web applications related to online teaching and to protect user data, such as student grades and teacher-student interactions.
He also ensures that the company complies with a wide array of privacy laws and regulations.
Weaver can rattle off numerous examples of where security needs to catch up to the galloping pace of new technologies.
Think about your smartphone and all those nifty mobile apps you trust with your personal data.
Think about “cloud computing” and how it has shifted much of what you once did on your physical computer to online services, such as photo storage.
Think about the regulations that govern information security that differ from state to state and nation to nation. “Global companies need experts on all regions and what you can and can’t do,” Weaver said.
Information security is not limited to computers, networks, and databases.
Security needs are emerging with technological advances in cars that will soon transmit status reports via e-mail, or smart meters that communicate information about household electric usage, said Ed Schlesinger, head of electrical and computer engineering at Carnegie Mellon University in Pittsburgh.
“There’s security even in the recycling and disposal process,” he said, referring to personal data left on devices that are discarded.
Just last week, New Jersey’s state comptroller reported a major problem — nearly a third of state computers ready to be sold at public auction still contained Social Security numbers, health records, and child-abuse documents.
Corporate executives are waking up to the bad publicity that companies suffer when their data, especially their customers’ data, are attacked or stolen.
“You could take down an entire company, an entire brand,” Foote said.
Even a company whose expertise is Internet security is not immune. Take the example of HBGary Federal, which was rocked by an attack from the hacker activist group Anonymous last month.
When the Washington firm’s chief executive, Aaron Barr, threatened to reveal the identities of Anonymous members, the group struck.
Hackers broke into the California company’s network and stole tens of thousands of emails, which were then posted online. Following the embarrassment, Barr announced his resignation.
The even bigger story is how WikiLeaks has unloaded troves of confidential U.S. military and diplomatic documents into the public domain, proving that information security is more crucial than ever.
Dice.com, a national job-listing website for technology professionals, has more than 1,300 information-security jobs listed — a 54 percent increase from this time last year, said Tom Silver, senior vice president for Dice.
Information-security skills “are in high demand as companies face an increasing number of threats to their technology platforms that didn’t exist years ago,” Silver said. “Firms will have to invest in highly skilled tech talent who can prevent breaches and patch gaps in security to protect confidential and valuable data.”
The jobs can pay well. Security analysts, security architects, and security engineers made an average of $89,620 last year, up 4 percent from 2009, said Rachel Ceccarelli, a spokeswoman for Dice.
Carnegie Mellon has one of the few programs in the nation that offer degrees in information security.
“Our students have no trouble finding jobs,” said Jennifer S. Burkett, director of career services and external relations for the Information Networking Institute at Carnegie Mellon.
“My phone rings on a daily basis with companies calling me wanting to hire students. We have 100 percent placement,” Burkett said of the master’s program.
During a recent lunch interview, Justin C. Klein Keane, 36, an information-security specialist at the University of Pennsylvania School of Arts and Sciences, assumed that, from when he sat down until his order of noodles arrived, the university’s computers had been subject to multiple attack attempts.
“Somebody’s always trying to break in,” he said.
Klein Keane got a master’s degree in U.S. colonial history, but moved into Web programming and then security.
“It’s digital detective work,” he said. “You can walk into your office and have a whodunnit.”
Source: McClatchy-Tribune Information Services.