SANS lists the "coolest" infosec jobs

I caught this article over at Government Computer News that reported on a SANS Institute survey of the "coolest" information security jobs. Although the article is about the coolest ten public sector information security jobs it does also list the top ten coolest private sector infosec jobs.

With further ado, for your reading pleasure, the ten coolest private sector infosec jobs:

1. (tie) System, Network, and/or Web penetration tester
1. (tie) Information security crime investigator/forensics expert
3. Forensics analyst
4. Vulnerability researcher
5. Application penetration tester
6. Security architect
7. CISO/ISO or director of security
8. (tie) Incident response, incident handler
8. (tie) Sworn law enforcement officer specializing in information security crime
10. Security evangelist

Since I didn't participate in the survey, and you didn't ask I thought I'd give you my top ten coolest infosec jobs:

1. Security architect
2. Penetration tester (I don't differentiate between applications, networks, and systems)
3. (tie) Security analyst
3. (tie) Security evangelist
5. CISO or director of security
6. (tie) Vulnerability researcher
6. (tie) Forensic expert
8. Network security engineer
9. Vulnerability assessment analyst
10. Security auditor

As you can tell I am at the crossroads between management and technology. It is my opinion that technical security controls without enterprise architecture and governance is a really good way to throw good money after bad... a topic that I will be visiting in a post in the near view.