by “About 70% of the working time of the information security personnel will not be directly applied to the professional technology of the information security” This is a sentence that Chen Jiahong will always say every time he interviews the information security personnel. “Information security engineers don’t just learn about penetration testing, vulnerability scanning, and get a CEH certificate.” He emphasized: Instead, they should focus on communication, data organization, presentation production, and presentations on stage. For example, information security personnel who manage firewalls must regularly analyze system records and write written reports. Especially in industries that are highly supervised by competent authorities, such as the financial industry and telecommunications industry, the proportion of administrative work will be even higher.
