By Sharon Wiatt Jones
As you blissfully use social media, a growing army of security professionals protects you (and their employers) from harm. The DEF CON and Black Hat conventions are attended by participants eager to learn the “hacker mindset.” RSA, the Security Division of EMC, labeled 2011 as “The Year of Phishing,” as phishing occurred in 1 out of 300 emails and netted an average of $4,500 for each attack. In 2011, more than 1,000 cases of malware were discovered in Google’s Android products. Apple, considered more secure, found its iPhone hacked in 2011 by a 19-year-old Brown University student. An Apple fan, his motive was the challenge of code breaking, not theft. A Deloitte study identified mobile devices as the leading computer security threat for 2012. According to security strategist Rob Rachwald, his 11-year-old child could perform an SQL injection attack after 15 minutes of instruction. Once a manual task, such attacks can now be automated by criminals to uncover protected data. The U.S. Department of Labor predicts growth in the emerging career of cyber-security. Some of these jobs include mobile device security or “ethical hacking,” fraud prevention, brand protection, and social media monitoring.
Mobile Device Security. A CyDesign job opening for a software engineer (platform demolition/SDET) asks potential applicants: Were you the kid who was always curiously taking things apart to explore how they worked or tried to break them for the thrill of it? …apply your technical expertise to inflict some serious damage and get paid for it, in a software demolition, chaos, security and/or hacker capacity. SDET, short for software development engineer in test, is a common job title in computer security. Similar job titles include patent engineer/hacker, malware/security engineer, security penetration tester, and application security specialist. Microsoft seeks security engineers: Do you…see yourself in the role of making on and off-premise computing safe for the good guys while keeping the bad guys at bay? … do your part to fight the forces of evil. Cybercriminals could attack victims through malware (viruses infecting software), social engineering (deceiving people into opening harmful attachments or links), scareware (fake virus alerts), and phishing (electronically attempting to obtain personal information under false pretenses). Other tactics include malvertising, mobile pickpocketing, jailbreaking, sandboxing, and mobile botnets. Some weapons used in defense of consumers and employers are fuzz testing, blacklisting, spambots, and network sniffers. The Internet fraud analyst or customer support-fraud prevention specialist identifies and deactivates criminal websites committing identity theft through phishing or malware. Forever inventive, criminals may use variations of phishing: vishing (automated voice recordings) or SMSing (text messages to mobile phones). Other variations are spear phishing (highly personalized and believable lures) and whaling (directed at sensitive targets such as government officials). At one employer, a customer support engineer provides end-user support for a web security hacking application.
Facebook’s fraud investigators in risk operations look for patterns to ensure that merchants are legitimate and do not make unauthorized transactions. Successful candidates for this job enjoy finding patterns amidst chaos, solving puzzles, making quick decisions, and working collaboratively.
Brand Protection. To protect the safety of online users and reputation of the organization’s brand, employers need to “practice security Judo,” according to expert Andy Ellis in a Tripwire article. The Brand Protection Analyst guards against infringement of trademark and copyright law. A Distinguished Technologist at one firm identifies, captures, and protects intellectual property through filing patents or acquisitions.
Social Media Monitoring. Zoosk, a romantic social network, hires customer support-fraud prevention specialists to review member content for offensive photos and violent or abusive text. Amazon’s Kindle team needs risk management specialists with “a passion for reading” to screen member submissions that are sensitive for religious, political, or other reasons. Due to NCAA compliance regulations, social media monitoring companies (e.g. UDiligence, JumpForward, and Varsity Monitor) target inappropriate posts and photos by student-athletes.
Opportunities. Employers often look for experienced applicants with certifications: Certified Ethical Hacker; Computer Hacking Forensics Investigator; Certified Security Analyst/Licensed Penetration Tester (LPT).
Information security (infosec) internships are available in areas including software engineering, technical support, web application programming, systems test engineering, and services marketing. Recent college graduates are recruited for positions such as Internet fraud analyst, data analyst, brand protection analyst, and software engineer-web application firewall. Depending on the role, employers often seek qualifications in computer science, MIS, and computer engineering. Other degrees typically sought include behavioral science, statistics, economics, and user interface design. The founder of the DEF CON and Black Hat conferences has a BA in criminal justice. Professionals with at least three years of experience may qualify for jobs as an incident response consultant, fraud investigator, or information security engineer, among others.