I’ve had the pleasure of working within Information Security for almost 10 years. A great number of those years have been spent within the financial sector. So you’d probably assume that I know everything there is to know about banking.
So did I, until someone asked me what a hedge fund was. Sure, I’ve spent time securing systems and advising irate traders how their systems don’t meet some obscure Sarbanes-Oxley requirement. But I have absolutely no idea what a hedge fund is or how one operates.
I asked a friend who’s a bit of a geek what one is and he explained that it’s one of those ingenious investments which make you money regardless of which way the market moves.
Eh?
“Think of it like this,” he said. “You rent shares, then you sell them and then you make money.”
Sounds a bit like theft to me! No wonder the bottom fell out of the financial market. All these traders are a bunch of thieves. Even though my friend did then carry on to say that you have to repay the original person from whom you rented the shares.
Seeing my raised eyebrows he eventually thought it would be a better use of his time if he smacked a brick against his head for the next 2 hours.
So now I’m convinced that even after nearly 10 years in banking, I know absolutely nothing about banking! Then why is it that when infosec jobs are advertised people specify they want someone with banking experience? I mean what difference does it make?
I know someone who has 15 years’ infosec experience within healthcare, and he wasn’t given a job at a bank because of his lack of financial experience, even though he may have a better idea of what a hedge fund is than me.
Infosec isn’t a specialism that is industry-specific, so it shouldn’t make a difference where you’ve gained your experience. The skill is identifying sensitive information and being able to assess the risk to ensure it is protected adequately. That information could be bank account details, medical records, accounting files, oil exploration results, criminal records, etc. The list goes on.
So, a note to all employers: don’t worry if the candidate sitting opposite you doesn’t have “industry exposure” in your niche field of examining the mating habits of kangaroos. Ask yourself if you believe that person can secure your information for you.


#1 by IDS Pro on October 7, 2009 - 4:40 am
I’m sure there are times where you will be judged on how quickly you can get up to speed with certain industry requirements, legislation – possibly time the org doesn’t have… which probably isn’t a reflection on an individual’s IS capabilities.
#2 by sidney on October 22, 2009 - 9:03 am
I entirely disagree. The risks in banking are entirely different from the risks in health. Whilst it shouldn’t be mandatory, I entirely understand why someone would want a person with banking experience.
I thought IT had come a long way in the past ten years, but your comments seem to suggest it hasn’t.
Oh well!
#3 by IDS PRo on November 11, 2009 - 4:18 am
You’ve highlighted the problem – I.S. isn’t just I.T.!
The principle of risk assessment still remains. Just because you may have a wealth of experience in health, doesn’t mean to say that those skills are not transferable to any other sector. Yes, there are differing risk appetites within both sectors, but an I.S. specialist should be adaptable and flexible to the demands of the sector/industry.
Whilst I can appreciate why someone would want a seasoned I.S. specialist with banking experience for their organisation, this doesn’t reflect on the skill set of the individual. We are not talking about risk appetites within the sector, we are talking about capabilities.
This is how far the I.S. industry has come in the last 10 years!