% fortune -ae paul murphy

Hot money makers for 2008

If you're a consultant wondering where 2008's billable hours will come from, the answer lies in the continuation of last year's key trends in big firm consulting:

  1. vulnerability and threat management;

  2. security monitoring;

  3. identity and access management;

  4. continuity of operations; and,

  5. security awareness development.

Since these are all different labels for selling the same basic action set consisting of PC lockdowns, user audits, and threats; almost any resume can be modified to show your expertise in one or all of those areas.

Ever set up a SAN? Can you say "full disk cryptology" and "compliance and safe harbor provisions" ? Great, you're clearly qualified as a storage security analyst of proven expertise. Know how to reboot your laptop from a usb thumb drive? ever mail one to yourself or backup to your google email account? Ok, can you say: "virtualized, role based, storage life cycle management"? "iscsi remote access services"? and "virtualization adjusted thin provisioning"? - yes? ok, you're obviously an expert on continuity of operations. Nothing hard about this, right? - just remember: as long as the clients don't know squat about this stuff either, it's the Powerpoints, and only the Powerpoints, that count.

There's a truth here too - I don't know if you want to know, but just between us: Wintel networks can't be secured - Microsoft can't do it, the British National Health can't do it, the U.S. Navy gave up on trying - it can't be done. Your success as a consultant on this stuff will depend on where the attackers choose to go, not on what you get the clients to do. They go elsewhere, you look good: period. It may sound cynical, but it really is as simple as that - so go ahead and play the odds, because, you know, as long as there's a Microsoft, you'll always find other clients.

Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.