網絡不斷髮展 安全人才走俏

Don't let the headlines about New Corp.'s (NWSA) recent phone follies give you the wrong idea about hacking: Cyber crime is only getting more complex and dangerous, but it is creating new jobs for people who want to fight it. Recent high-profile hacks of government sites, Citigroup (C), and Sony (SNE) have added to the rush for more qualified staff. The Pentagon has committed to spend more on cyber security even as it slashes its overall budget. Increasing threats make cyber analysis a growth area for everyone from banks to startups.

最近新聞集團爆出了電話竊聽醜聞，但千萬不要因爲這件事就對黑客產生誤解。現在的網絡犯罪正變得越來越複雜、越來越危險，但它也催生了一個新的工種，很多“防黑客”的工作。最近美國一系列政府網站遭受網絡襲擊，加之花旗銀行（Citigroup）和索尼（Sony）等大公司的被黑，促使政企兩界紛紛出手，招攬更優秀的防黑客人才。儘管美國五角大樓（Pentagon）正在大幅削減總體軍費預算，但它花在網絡安全上的開支卻有增無減。隨着網絡安全威脅的日益加大，網絡分析這一職業已經成了一個新的職業增長領域，無論在大銀行還是在初創公司裏都是如此。

Where the legal hackers are

合法黑客召集令

The good news is that the days of corporations skimping on internal cyber security are almost over. In the past, companies could get away with hiring external consultants for big jobs while simply reassigning IT managers to handle more standard threats. "A Windows administrator would have to do security as well," says Damon Geopfert, McGladrey's top man for security and privacy consulting. "But," he adds, "that has been proven an unsustainable model."

好消息是，企業剋扣網絡安全支出的日子幾乎已經成了歷史。過去，企業主要依靠僱傭外部顧問來處理重大網絡安全隱患，對於那些一般性的網絡威脅，則只是簡單地指派IT經理們來應付。McGladrey諮詢公司的首席安全性和隱私顧問達蒙•吉奧普佛特表示：“以前連Windows管理員都要會處理安全性問題。但是事實證明這種模式並非長久之計。”

Current outside cyber security firms will stick around and even flourish in the face of so many threats, but internal cyber security teams under development at major companies may provide the best growth opportunity. Businesses are looking for experts at all skill levels, from greenhorns in eight-hour shiFTs to industry greybeards who can watch the big picture.

目前，外部的網絡安全性公司仍然扮演着十分重要的角色，由於網絡安全威脅頻發，這些公司的業務甚至十分興旺。不過最有增長前途的，可能還是大企業裏的那些仍在發展壯大的網絡安全性團隊。現在企業正在四處網羅各種水平的網絡專家，他們之中既有初出茅廬的新手——可以爲企業提供“三班倒”式的值班服務，也有可以替企業運籌帷幄的行業骨灰級人物。

The skills you need

“合法黑客”必殺技

Whether you have a prior IT background or are only just entering the work.force, ways to get into cyber security are diversifying alongside its skillsets. Six or seven years ago, Geopfert says, the field was dominated by people with "hardcore security experience" in defense, law enforcement, or a major IT department that handled some of its own security.

不管你是擁有深厚IT背景的老槍，還是初入江湖的菜鳥，進入網絡安全這一行的途徑多種多樣，每條道路需要的技能組合也各不相同。吉奧普佛特稱，六七年前的時候，這個領域主要是被那些擁有“貨真價實的網絡安全性經驗”的人所把持。他們要麼在防網絡攻擊或法律執行方面擁有堅實的經驗，要麼就是在能夠自行處理某些網絡安全問題的大型IT部門裏幹過。

But now, companies aren't simply looking for veterans with long-term experience. Certifications demonstrate you're serious about the job, but they don't cut it on their own. Differentiate yourself through additional areas of focus, such as a management knowledge, risk assessment, or even psychology to join expanding teams that use interdisciplinary approaches to spot the warning signs of an attack before it happens.

但是現在，企業已經不單單把眼光投向那些擁有長期經驗的老手。證書只能表明你很嚴肅地看待這份工作，但僅憑證書卻並不能爲你贏得這份工作。你必須要對格外關注某些其它領域，比如可以額外學習一門管理知識，或者學習風險評估甚至心理學，才能脫穎而出，成功入選。因爲現在許多網絡安全性團隊都在採用交叉學科的分析方式，以便在網絡襲擊發動之前發現危險信號。

While technical credentials can get you in the door, you'll get nailed if you can't handle the work. Geopfert stresses that the industry has learned how to weed out unqualified opportunists. "You're going to have to sit down with somebody like me that will ask you to talk me through processes in 30 seconds," he says. "Go get the certs, but highlight your depth of knowledge in specific areas -- recruiters will appreciate it."

技術證書好比敲門磚，它可以把你領進門，但如果活幹得不好的話，還是一樣會被掃地出門。吉奧普佛特強調，現在業界已經學會了如何清退濫竽充數的機會主義份子。“你可能必須得和某個像我這樣的人面對面坐下來，我會給你一個任務，要你在30秒鐘的時間內說服我錄用你。”他說：“考證當然是必要的，但是隻有突出某個特定領域的知識深度，才能贏得招聘者的青睞。”

A strong academic background always helps: AT&T (T) has recently hired a dozen PhDs right out of their dissertations, according to chief of security Edward Amoroso. But Amoroso and other recruiters say they also look for computer scientists with a hacker's mentality. Even if you just have natural aptitude in lieu of an advanced degree, Geopfert says the key is to participate in industry chats and conferences where you can demonstrate maturity and show recruiters you can maintain a conversation. Being able to code in your sleep won't help if people can't stand to work with you.

紮實的學術背景也會增加你獲得工作的機率：美國電話電報公司（AT&T）的安全總監愛德華•阿莫羅索表示，該公司最近招聘了10多名博士生，他們都是剛搞定畢業論文就被公司錄取了。不過阿莫羅索和其他招聘者也表示，他們也在尋找擁有黑客心態的電腦科學家。吉奧普佛特指出，如果你恰好在計算機方面極有才華，但是卻沒有高學歷，那麼獲得工作的關鍵就是參與行業的演討會和會議，利用這些場合來展示你的成熟，告訴招聘者你是可以溝通的。如果人們無法忍受與你共事的話，哪怕你在睡夢裏都能編程也無濟於事。

Not particularly technical? There are an increasing number of "hybrid" jobs if you're all thumbs on a keyboard. The auditing side of cyber security needs candidates who might not be able to write security programs but can understand how to regulate activity.

沒有特殊的技術怎麼辦？不要着急，如果不擅長幹鍵盤上的工作，這個行業裏還有越來越多的“混合工種”等着人做。比如網絡安全的審計方面需要的人手可能不必懂編程，但卻要知道如何進行規範管理。

With salaries from $50,000 to $120,000 dollars a year and companies such as AT&T, Wells Fargo (WFC), Citigroup, Microsoft (MSFT), and Boeing (BA) on the lookout for staff, cyber security is a growing industry -- even if you're a former hacker who wants to play it straight.

美國電話電報公司、富國銀行（Wells Fargo）、花旗集團、微軟（Microsoft）和波音（Boeing）這樣的大企業在招聘時給網絡安全人員開出的年薪大概都在5萬到12萬美元之間。網絡安全是一個正在興起的行業——哪怕你以前是個黑客，現在想棄惡從善也猶未爲晚。