09/21/2011
security-engineering, trying to make sense out of the chaos
as a security professional, you are faced with several kinds of chaos that you have to deal with at the same time:
* the chaos of all the existing and new applications and network connections that are asked for or put into place at the same time, mostly without much coordination
* the chaos of all the different concepts and strategies and opinions that are published every day and are constantly going up and down in popularity
* the chaos of all the different security "products", some of which are in fact products, some of which are functions that you would like to see in products, and some of which are just plain information services
the security engineer in fact has to:
* put procedures in place so he has an overview of what exists (in what state) and what is coming
* install platforms so that every server and application (for example an Oracle server, a php-mysql application, and so on) works in the same environment, with the same tools for documentation, bug tracking, versioning and logging, and so that every idea goes from test to production to presentation following the same path and the same management
* integrate several products so that every security necessity is taken care of
and if you don't do security-engineering you will be ruled by the chaos
it is hard work, I know, but it is the only way to stay in front of the chaos
and no, there is no course or certification for that, just a load of experience and endurance