Our Team Is Hiring Again: Join Gartner GTP Now!

It is with great pleasure that I am announcing that our team is HIRING AGAIN!

Join Security and Risk Management Strategies (SRMS) team at Gartner for Technical Professionals (GTP)!

Excerpts from the job description:

• Create and maintain high quality, accurate, and in depth documents or architecture positions in information security, application security, infrastructure security, and/or related coverage areas;
• Prepare for and respond to customer questions (inquiries/dialogues) during scheduled one hour sessions with accurate information and actionable advice, subject to capacity and demand;
• Prepare and deliver analysis in the form of presentation(s) delivered at one or more of the company’s Catalyst conferences, Summit, Symposium, webinars, or other industry speaking events;
• Participate in industry conferences and vendor briefings, as required to gather research and maintain a high level of knowledge and expertise;
• Perform limited analyst consulting subject to availability and management approval;
• Support business development for GTP by participating in sales support calls/visits subject to availability and management approval;
• Contribute to research planning and development by participating in planning meetings, contributing to peer reviews, and research community meetings

In essence, your job would be to research, write, guide clients (via phone inquiries/dialogs) and speak at events. Also, we do list a lot of qualifications in the job req, but you can look at my informal take on them in this post.

So APPLY HERE!

P.S. If the link above fails, go to https://careers.gartner.com and search for “IRC26388”

P.P.S. If you have questions, feel free to email me – I cannot promise a prompt response, but I sure can promise a response.

P.P.P.S This is cross-posted from my Gartner blog.

Related posts:

• On Being An Analyst or WHO Are We Hiring?
• Our Team Is Hiring Again: Australia Only [position filled]
• Our Team Is Hiring Again: UK/Europe Only [position filled]
• Our Team Is Hiring [position filled]
• The Last Blog Post! (when I joined Gartner in 2011)

One Year at Gartner!

Believe it or not, but I've been at Gartner for a year. One whole year has passed since that infamous blog post. I don't feel like diving into deep reflections and long contemplations about it, but I wanted to share how it was. During this year, I …

• learned a lot, and expanded my security knowledge into new areas such as denial of service defense 
• found out that being an analyst is a lot of fun
• realized that there are many levels of writing excellence beyond the level that I thought I had …
• interacted with a lot of smart people both within and outside Gartner
• helped dozens of our clients – both security vendors and large enterprises - with their security challenges, some simple and some pretty esoteric
• discovered that a lot of companies are not where our industry pundits and "thought leaders" say they are (“what is more common  today at large organizations, cloud or Windows 2000?”)

That's about it - I am really looking forward to my second year!

The Last Blog Post!

This is my last blog post –for the foreseeable future. It is dated 7/31/2011 at 11:59PM. What happens tomorrow? A new life, of course!

As only very few of you know, I have accepted a position of Research Director with Gartner, Inc. Tomorrow I am joining a stellar team lead by Phil Schacter, formerly from Burton Group.

I spent two VERY successful years consulting, working with companies like Novell, RSA, LogLogic, NitroSecurity, eGestalt, ObserveIT, Tripwire, AlienVault, “Big MSSP”, “Big Insurance Company”, “SaaS Log Management Company”, “IT Management Software Company”, “SMB Security Company”, “Big Networking Equipment Company”  and others. I defined,  built, deployed, and marketed security products, mostly in the area of SIEM and log management. I helped organizations with security and PCI DSS strategy. I advised security vendor management on compliance strategy for their products. I have spoken at clients’ events and have written more whitepapers than I care to admit… as well as did a lot of other fun things!

It was fun and I loved it - and as my clients can attest, I was good at it. Also, I was more busy than I thought I’d be, and occasionally more than I wanted to be. However, at some point I started to feel that I need another step up. And so I am making that step now!

In accordance with my future employer policy, I have resigned from the Advisory Boards of Dasient, Securonix, nexTier Networks, Savant Protection, eGestalt, and Rapid.IO. Good luck to all of you!

In all likelihood, I will eventually resurface at Gartner blogs – please look for me there.  And finally, those who love my personal blogging (all 4007 of you as of today), don’t despair – I will still occasionally blog here on non-infosec subjects: think good books, laser weapons, hypnosis, skiing, travel and my other weird hobbies

Finally, I want to give very special thanks to Lee Kushner for his super-valuable career counseling that helped me make this difficult career choice.

Possibly related posts – my past “career decisions” blog posts:

• Going to Consulting
• Going to Qualys
• Going to LogLogic

Job: Director of Product Marketing at SIEM Vendor

I am posting this as a small favor to my friends at NitroSecurity.

Description:

The Director, Product Marketing is responsible for developing, planning and executing externally-focused product marketing strategies, plans & programs for the industry leading NitroView SIEM, log management, database monitoring, application monitoring and IDS/IPS solution. They will research & understand security market trends by working with industry analysts and engaging prospects & customers, closely monitor & analyze competitor offerings and develop value propositions, product positioning and messages for enterprise and government markets worldwide. They will drive and lead all new product launch and introduction activities, and support on-going product and solution campaigns and programs.

Candidates in metro Boston, metro Washington DC or open to virtual, home office arrangements are welcomed to apply to jobs@nitrosecurity.com.

Responsibilities:

a. Work closely with Product Management, Engineering and Operations to fully understand current and planned technologies, products and solutions

b. Conduct competitive research and provide analysis on competitive advantages & competitor claims relative to customer needs.

c. Determine product positioning & product messaging and create & manage a broad range of product and solution collateral, on-line content, white papers, blogs & sales tools

d. Develop and deliver new product training to field sales, systems engineers and channel partner and technology partner organizations

e. Key company spokesperson, presenting to prospects, customers, partners, press and analysts in person, via webcasts and at industry conferences.

Experience and Qualifications:
a. 10+ years of product marketing experience in security/networking assignments
b. 5+ years security industry experience

c. Excellent speaking, writing and presentation skills
d. Strong analytical skills, including business, markets and competition

e. Team player with proven success in high growth environments

f. Technical undergraduate degree preferred or equivalent, MBA or equivalent advanced degree preferred

Apply via: jobs@nitrosecurity.com.

JOB: SIEM Architect at RSA

As a favor to yet another friend, I am posting yet another SIEM-related job. IMHO, it is an ideal position for a good architect looking to jump ship from a failing or “non-performing” SIEM vendor:

The RSA Security’s fast-growing  Security Management group is looking for the best technical minds to develop the next generation of Security Information and Event Management (SIEM) software.  We are building a great organization with talented employees with the highest ethical and professional standards who deliver a portfolio of products to enable our customers to protect their information assets.

Ideal candidate will have broad knowledge of IT security with proven ability to architect and build complex enterprise systems.  You must enjoy working in a rapidly-changing, high-pressure environment spanning multiple geo locations. As a lead architect, you will exert significant influence over the technical strategy and the architectural definition of the next generation of RSA’s Security Management products.  Practical experience in one of the following areas is required: large-scale database systems, real-time design, network monitoring and analysis.

This position is full-time, based in Bedford, MA. If you are interested in joining the Security Management group in RSA, please send your inquiry or resume to Lauren Day at  lauren.day@emc.com or 978-686-2234.

… and somebody now owes me beer at RSA 

Possibly related posts:

• SIEM-related Job: Principal SIEM Consultant 
• SIEM-related Product Management Job: Atlanta, GA
• All jobs posts on my blog

To Those Escaping from Sinking SIEM/Log Management Vendors

As I am hearing rumors about some sinking (and some sunk) SIEM/log management ships, here is a special “public service” announcement to those affected by the disasters.

Don’t despair!

Quality vendors in this space are hiring like crazy, especially if you are a good Field Engineer (example) or Professional Services (example). Check out other SIEM and log management vendor sites as well, a lot of field hiring and some HQ hiring is going on as we speak.

And, if you happen to be a customer of one of those unfortunate vendors, well… pick better next time :-) Oh, one more tip: security vendors are not a reliable source of information on “security vendor longevity.” You will get wildly-crazy over-estimates (about self) and minblowingly-insane under-estimates (about competitors)…

Possibly related pots:

• All posts tagged jobs.
• SIEM-related Job: Principal SIEM Consultant
• SIEM-related Field Job: Western US
• SIEM-related Product Management Job: Atlanta, GA

SIEM-related Job: Principal SIEM Consultant

As a favor to yet another friend, I am posting yet another SIEM-related job.

Job Description

A Principal Security Consultant at Vigilant is expected to leverage his/her extensive technical abilities to provide innovative, pragmatic and business-focused security solutions for our customers. Principal Security Consultants report to the Director of Services Delivery, and are expected to work in the capacity of a Vigilant Project Managers on multiple, concurrent engagements to architect and deliver a variety of solutions, in such functional areas as Security Information / Event Management (SIEM), Security Architecture & Design, and general Security Assessments. It is expected that the Principal Security Consultant will be a mentor within the Professional Services team, and will provide expert advice and guidance to partners and newer Vigilant consultants. Applicants who reside in the NY Metro area and Washington DC area are encouraged to apply.

Skills

Analytical & Technical Skills:
• Expert knowledge of SIEM products (ArcSight, Novell Sentinel, RSA enVision, etc.)
• Ability to design complex, enterprise-scale network security architectures
• Extensive knowledge in the use and configuration of relational databases, including Oracle and SQL Server
• Expert knowledge in the use of Unix (Solaris/Linux) and Windows Server Family (NT/2000)
• Extensive experience with Intrusion Detection Systems, Firewalls, Proxy Servers, Antivirus, NAC, or other network security infrastructure
• Familiarity with the integration of 3rd-party applications (ETL tools, data mining, business intelligence products)
• Ability to analyze complex issues for impact and alternative solutions, making logical decisions based on overall product objectives
• Ability to prioritize tasks and manage time efficiently. High level of self-initiative and self-motivation.

Full info and how to apply is here.

More SIEM jobs from Vigilant in the NYC area are here.

Possibly related posts:

• All posts tagged jobs (mostly SIEM and log management related)

Skills for Work vs Skills for Getting Hired

Given the amount of attention my previous security career post gathered (“A Myth ….”), it is time for a new one. Some of it is inspired by Source Boston 2010 mentoring panel, a gift that just keeps on giving (BTW, I signed up as a mentor with that new project, InfoSecMentors).

So, let’s talk about security skills that you can prove, skills that you need for a job and skills that will pass HR filters. It shocks me – to put it mildly – that these three are often completely different – and not even overlapping.

Which ones do you need to develop? Should you spend time writing papers, hacking code or reading up on 10 domains of “see-bee-kay”? Should you get good at something that will not be immediately obvious to everybody (like reversing malware) or spent time doing something visible (like writing papers about malware without having first-hand knowledge of how it works)? Should you choose sexy esoteric area of security, get really good at it – and then notice that nobody wants to hire you for that – with the possible exception of a Russian crime syndicate? :-)

While it is extremely tempting to bark “All of them!” and stop right there, the reality seems more complex to me, as it almost always is.

• Skills that help pass HR filters (and especially certifications like “see-sssss-ph”) sure seem important as you won’t even have a chance to get to using your other skills aka be hired – unless you are a master-ninja-networker! By the way, buzzword - loading your resume is not about skills - it is about a socially acceptable form of lying: TCP/IP, UDP, ICMP, BGP, IDS, IPS, W3C, CIFS, WAF, DLP, GRC, SIEM, NAC, IAM, SNMP, SMTP, POP3, HTTP, NASL, IPv6 … ASS :-)
• Skills that will help you do the job obviously vary depending on what job you have in mind. For most entry- and mid-level security roles, these skills are technical (sorry, Mssrs Security Policy Writers). From log analysis to IPS tuning to firewall management to web application scanning, the range is broad and you need to choose.  You can pick an area and then go really deep; however, it is worthwhile to try not to pick “typewriter repair” as an area of specialization :-) Fortunately, since none of the security problems we ever faced have been solved yet, choosing wrong is very hard. If you are still lost, pick application security or pentesting. These are not going away – EVER!
• Skills that are easy to prove - typically via a multiple choice test - is another interesting set: some technical skills (such as knowledge about what is in TCP/IP header) are easy to test, while others (such as an ability to do web app penetration testing) are extremely hard to validate. I guess social engineering is an ultimate “unprovable” skill, while knowledge about how to configure a Cisco router is easier to prove. BTW, I’ve met some “Cisco Gear Master Magicians” whose skills bordered on divine – they can literally get that box to do anything.

And if I were to give some advice on this that I wish I received when I started in security, I’d say focus your energies like this:

1. Put most of you energy in developing skills that will be most useful at work – work you do at your current job or the one you dream about (aka your next job :-)) As I said above, it is more likely that these skills are technical.
2. However, balance the time you spent practicing technical skills that are simply fun for you with the ones that are easy to prove to potential employees. Let’s call them “visible skills.”
3. Severely limit the time you spent on developing skills just to pass HR filters – instead get better at networking! Darn, even Twitter skills are better than practicing your daily laps in alphabet soup like the mess above.

To figure out that point, I once asked my wise mentor “Why do you still run /bin/bash, awk around and install Fedora, after you wrote three books, sold a company, gave a dozen keynote speeches and run a profitable consulting business for many years?” He – wisely, of course – said: “So that I can be a sysadmin if shit hits the fan.” This line is still stuck in my head after many years!!

Otherwise, you risk being of those types who respond to an ad for “firewall admin, must have CISSP” and end up crashing the network, which is kinda sad. For example, for many years I’ve had this bizarre unconscious skepticism towards people whose main skill is to write security policy. Writing this post cleared my head as to why: a well-written security policy does EXACTLY nothing for security … unless it is implemented.

Finally, some folks reading this will say – “screw the skills, I just want to be an expensive loudmouth for hire.” OK. There are indeed a few who rose to such noble occupation… First, you have to slave away for many years doing something else – and then hope that eventually people will want to pay to listen to your rants. Second, you can join Gartner, still slave away for a few years – and then maybe people will pay for your “loudmouthery.” In both cases, you’d still need some “+5” to Luck :-) And then maybe you can be “a mercenary loudmouth.”

But this is likely a subject of another post.

Possibly related posts:

• A Myth of An Expert Generalist
• Source Boston 2010 Conference Notes
• All posts labeled “career”

SIEM-related Field Job: Western US

As a favor to another friend, I am posting this fun SIEM field job here:

“TECHNOLOGY SALES SPECIALIST (PRESALES), Security Products

We are seeking an exceptional individual to serve as a presales technical expert in the sale of Novell Security Management products to a variety of clients throughout the US and Canada.”

“You will be the technology expert in the sales effort as a Novell sales team works with a variety of companies in positioning Novell ISM products.  While you are part of the sales team, your efforts will still be dedicated to technical tasks up to 75% of your time.”

Full details.

Possibly related posts:

• SIEM-related Product Management Job: Atlanta, GA

SIEM-related Product Management Job: Atlanta, GA

As a favor to a friend, I am posting this job ad, related to SIEM, log management and MSSP.

This Product Manager role will primarily be responsible for SecureWorks next-generation correlation and analysis offering.

“This is a mid-level position reporting to the Vice President of Product Management. This position involves responsibility for defining new service lines as well as managing existing service lines. It is a highly visible position with enhanced opportunity for career growth.

In this role, you will drive product strategy and planning for your services and will lead the matrix team responsible for delivering these service lines. Your focus will be to work with the VP of Product Management and the Chief Marketing Officer to develop a compelling vision for your service and to execute, measure, and adjust the strategy accordingly. You must have experience in security technologies, enterprise and commercial markets, and ideally managed services. You would use your client input, market knowledge, and experience to define product plans and product requirements for services that will be highly competitive in the market and can be delivered efficiently through our Security Operations Center.”

All details and how to apply here.

So, if you end up getting hired, make sure to remember to buy me a beer :-)

Fun Job Open at Qualys: Director of Vulnerability Research

Here is a fun job open at Qualys: Director of Vulnerability Research.

Description

The Director of Vulnerability Research will be responsible for ensuring that our vulnerability and compliance signatures and detections are kept up to date on the latest technologies. The candidate will also be responsible for advanced research and detection techniques and will interface externally with the security community. Apply and read more.