An IT Security Consultant will likely have a wealth of knowledge gained in IT Security roles. They may be involved in all aspects of cyber security, including the design, build, implementation and management of an organisation's IT Security infrastructure and the training of staff regarding it.
The role of an experienced Security Consultant may also encompass the implementation of an overall IT Security strategy and liaison with staff and stakeholders. Software and hardware vendors may need to be managed as well as other partners that are supplying any other IT, Network and Server Security related services.
The typical job duties for the role of Security Consultant will include, first of all, gaining a deep understanding of the organisation's IT systems. Planning the design for a more robust security architecture in future may come next. Job duties will also probably include risk analysis feeding into overall initial security assessments.
The Security Consultant may need to plan and develop the organisational requirements for all network-connected devices such as routers and firewalls and of course any connected computers and related services. IT Networks that may need to be considered include Local Area Networks (LAN), Wide Area Networks (WAN) and Virtual Private Networks (VPNs). An experienced consultant would normally have good project and man management skills too. Deep analysis of existing security infrastructure and implementation of new solutions is often the primary task of someone performing this job role.
More specific Security Consultant responsibilities may include:
1) IT Security Planning – A full knowledge and understanding of the organisation's IT, technology and Information Systems needs to be gained prior to planning.
The consultant will usually first communicate with existing skilled staff to learn about the existing infrastructure. They will usually have an up-to-date understanding of security standards, authentication protocols and state-of-the-art security systems, helping them to drive their project planning. Their detailed knowledge will inform future decision-making and selection of the optimum IT security solution. A formal project plan will need to be created that can be checked and signed off at each stage of the project lifecycle by other decision makers within the organisation.
2) IT Security Design – Once the overall project plan has been agreed, the detailed design of the new security infrastructure can begin.
The detailed design of the new IT Security infrastructure solution will be informed by the knowledge gained in the earlier planning stage. Vulnerability testing and analysis will expose any existing security weakness. Armed with the resultant information, and research into current IT Security best practice covering the latest hardware and software solutions, the detailed design phase of the solution can begin. A network design for the WAN (Wide Area Network), LAN (Local Area Network) and VPN (Virtual Private Network) will likely feed into the overall project plan at this stage. The design will probably also incorporate Public Key Infrastructure (PKI) using Certification Authorities (CA), including the use of Digital Signatures where appropriate. Known security exploits and weaknesses should all be negated within the new security infrastructure's design.
Costings will likely need calculating, with budgets managed prior to procurement of all the relevant hardware, software, manpower and any other required services.
3) IT Security Implementation – Installing the new security solution, which will incorporate firewalls, routers, VPN (Virtual Private Network), servers, software and networks.
When the planning and design phase has finished, procurement, implementation and integration with existing systems will need managing. As Security Consultant, you will be responsible for ensuring that the implementation is successful by testing that it performs as expected.
4) On-going IT Security Management and Maintenance – Training skilled staff and developing new procedures for more robust IT Security.
When the implementation has been tested and bedded in, on-going maintenance and management needs to be planned for. As an IT Security Consultant, you will probably be expected to provide technical documentation and initial technical support for the organisation's IT Security team. Development of a corporate security policy, a security awareness program and education of staff regarding the new procedures will likely all feature within the scope of the project's requirements.
This is usually a daytime role, working an average 40-hour week. Short-term IT Security Consultants may be paid a day rate where additional work is chargeable.
What can you expect to earn as a Security Consultant? The position of Security Consultant (IT) is a senior level role with many responsibilities. Salaries will vary depending on your experience, qualifications, the organisation and sector.
According to Payscale*, salary expectations for the role of Security Consultant range from $56,905 – $120,139, or £43,773 – £92,414 at a conversion rate of 1.3 for USD/GBP.
Sources: * Payscale – http://www.payscale.com/research/US/Job=Security_Consultant%2c_IT/Salary