It’s a keyword world out there. Whether you are looking for your next job or building a case for a promotion or transfer, the keywords you define on your resume, LinkedIn profile and application really matter. To demonstrate your ability to keep up in the field, terms like Cloud, Big Data, mobile, SaaS, data science, etc., help you stand out. And given the recent hacking issues with Experian and Uber (and more), security is one of the most valuable abilities you can claim.
Over the years, as IT silos have broken down (DevOps, anyone?), security is the one area that seems resistant to de-siloing. Security is really everyone’s job. As a PC user, do you carefully select and protect your passwords? Have you changed the default passwords on software? Are your passwords taped on the bottom of your desk protector or drawer? Do you use unsecured WiFi for company business or personal, financial transactions? Are you carrying around credit cards without an RFID-blocker to protect your data? These simple steps are critical, but they don’t constitute security competence.
For developers and database managers, there’s a way to add that coveted ‘security’ keyword by simply becoming aware of the ways in which our work can contribute to ensuring the safety of corporate data. While websites can be hacked, the biggest concern in the IT world is a data breach. It’s easy to forget that data doesn’t live on disk drives alone. To survive in a global, always-connected world, this critical data is shared across systems, data centers and often with other companies.
Not all data is created equal. Despite the concerns of some companies, accidental or deliberate release of SMF and RMF data probably won’t cause any heartache for company CEOs or customers. What matters are the sensitive fields and files, which too often, aren’t documented as needing special security. As developers, we don’t always have insight into the fields, but we can use logic. When dealing with anything regarding customer information, we need to consider how we are using it in the code and who might be able to see it.
By recognizing and documenting exposures and teaming with the security team to put protection in place, you have set demonstrated your knowledge of the requirements. You can also play a role in helping to select security and anonymizing software based on your understanding of the workings of the application. Step up to the challenge. Given the cost of security breaches to your company, both tangible and intangible (lost brand image and status), you have the opportunity to demonstrate the increased value you contribute to your company.
Security is everybody’s job, and now, it can be a career-builder too.