Read an article that just blew me away!
“An IT auditor may also work as a forensic specialist (cyberforensic) where the objective is usually directed toward potential crimes or nefarious deeds”
Then let us make lawnmower mechanics aviation engineers. Let us have the local lawnmower repair guy service the jet engines on 747s. Obviously we will not! Even within the realm of medicine we allow doctors to be brain surgeons and doctors to be spine surgeons. In the medical PROFESSION we don’t expect our podiatrists to operate on our brain. Why then, time and again, do we insist within the IT industry on making all IT fields equal?
- Local computer retail and sales stores are now cyber security specialists.
- IT Auditors are forensic investigators.
- Electricians are complex network integrators.
Why?
I am both a certified CISA (Certified Information Systems Auditor) and a computer science graduate with 15 years of pure IT experience, as well as a CISSP and GCIH, and I lecture on computer forensics at a local college.
Why do we allow technical things to be the domain of everyone?
With all respect to my fellow CISA-certified members, most are ex-financial accountants and auditors. Yes, there are some that have technical IT backgrounds, but they are few. Just ask any IT auditor, CISA-certified or not, to explain the difference between RAM slack space and file slack space, or to explain in detail the system boot process.
Over and over throughout my 15 years of IT, one topic or another becomes the “buzz word of the day”, and suddenly everyone is an expert in that area. Unless we as the IT industry act like the other professional industries (medical, legal, etc.), we are going to be laughed at, and internally destroy what we are working for and stand for.
Why do companies end up on the data breach list within months of passing their SOX, PCI, HIPAA, or whatever security audit? Because security was not truly understood.
My favorite example is a big player in the regional Data Center service market, who insisted a SAS 70 audit was a security audit. My response: you want my business, put your money where your mouth is and let us test your security. At the time their administrator password was dictionary based and less than 6 characters, and a very simple penetration test was over in minutes with access as Administrator on multiple machines. Their response: but they had just passed their SAS 70 audit, and didn’t understand why we gained access so easily.
Come on, IT professionals, it is time we stand up as professionals and fight for specialists like the other professional industries.
My 2c from small town America.
