The term "security specialist" is quite a broad term and can cover many fields within security. Today security is becoming so complex that people have to specialize in one or two fields, instead of taking them all on. For example, if you want to implement and consult on wireless infrastructures, it is best if you understand this technology, the various standards and all of the different vendor solutions, because they are all different.. If you want to be a vulnerability and penetration tester, then not only do you have to truly understand what your tool set can and cannot cover, but the best penetration tester is one who can stay abreast of all of the new vulnerabilities. It can be a full time job just understanding the computing environment's current vulnerabilities and the new ones that pop up every week.
If you want to work with companies and help them build a security program that makes them compliant, then you need to be a security generalist, because you have to understand a wide range of security issues from IDS types, VPN solutions, possibly identity management solutions, PKI, policies and more. On top of that, you need to understand the state and federal laws and the regulations that the company must be compliant with, and provide solutions that not only provide a secure environment, but an environment that can meet all of the legal and regulation requirements.
So, I think the most difficult thing about being a security professional is keeping up with technology changes, new solutions, and the continual vulnerabilities.
This was first published in August 2005