1) LOOK at the resume - closely.
Penetration testing isn't just being able to run some tools, exploit some systems, and charge the client for coffee and pizza (although that last item is essential, especially for late night work).

They must be able to:
* write clearly
* spell properly
* convey meaning

These traits are ESSENTIAL in explaining problems and recommending remediation steps in a way that is easily understandable by the client.

Biggest turn-off: All too often I see resumes full of run-on sentences or non-assertive phrases.

2) READ the resume - how do they think?
You might be tempted to skip over the majority of the resume and look for certain keywords like the names of familiar tools like nessus, nikto, webinspect, nmap, etc. While familiarity with these tools is important, you need to know their approach or methodology.

Some common (and quite good) methodologies:

The Open Source Security Testing Methodology Manual (OSSTMM) is:
"…a peer-reviewed methodology for performing security tests and metrics. The OSSTMM test cases are divided into five channels which collectively test: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

The OSSTMM focuses on the technical details of exactly which items need to be tested, what to do before, during, and after a security test, and how to measure the results. OSSTMM is also known for its Rules of Engagement which define for both the tester and the client how the test needs to properly run starting from denying false advertising from testers to how the client can expect to receive the report. New tests for international best practices, laws, regulations, and ethical concerns are regularly added and updated.
"

The Information Systems Security Assessment Framework (ISSAF) was developed by the Open Information Systems Security Group, and is defined as "…a peer reviewed structured framework that categorizes information system security assessment into various domains & details specific evaluation or testing criteria for each of these domains. It aims to provide field inputs on security assessment that reflect real life scenarios. ISSAF should primarily be used to fulfill an organization's security assessment requirements and may additionally be used as a reference for meeting other information security needs. ISSAF includes the crucial facet of security processes and their assessment and hardening to get a complete picture of the vulnerabilities that might exist."

(Note: Of the two methodologies listed, the OSSTMM is more mature.)

Familiarity with the Guidelines on Network Security Testing from NIST (The National Institute of Standards and Technology) is an excellent baseline. These guidelines are published in Special Publication 800-42, and are a bit less comprehensive that the OSSTMM model. Testers familiar with 800-42 are typically more knowledgeable about working with regulatory agencies and their specific testing and auditing requirements.

3) Certifications listed on resume - what matters?

CEH (Certified Ethical Hacker):
We have discussed this certification at length in articles here and here. My current opinion is that the certification program gives testers an exposure to tools, and prepares them to pass the required examination. That's about it.

National Security Agency IAM (Information Assessment Methodology) and IEM (Information Evaluation Methodology):
Both of these certifications cover the excellent IEM/IAM methodologies in grueling detail. The certifications involve classroom training, group activities, presentations to peers on assessments (think intelligence briefings), and written exams. These certifications form an impressive foundation for risk assessment skills.

Certified Security Professional (CSTP) and Certified Security Testing Associate (CSTA) are accredited by the University of Glamorgan. The certification coursework is excellent as seen in this PDF file.

Operating System Specific Certifications such as a MCSE, RHCE, etc. and vendor-specific certifications like CCNA, CCIE are very desirable. The more a candidate knows about the operating systems, devices and applications they are testing, the better.

ISACA has two great certifications that show knowledge of information systems management (CISM Certified Information Systems Manager and CISA Certified Information Systems Auditor).

My comments on the CISSP can be found in this entry.



4) What box(es) do they think in and out of?

Candidates may list their engagement experience as being either white box or black box. Knowledge in both types of testing environments is essential.

White box testing is testing an environment with prior knowledge of the infrastructure, systems, applications, policies, procedures, etc. In this situation, the tester has an 'edge', can spend less time doing reconnaissance work and more time testing and exploiting.

Black box testing is also known as 'cold testing'. In other words, the tester has no previous knowledge of the environment to be testing and must perform extensive research and reconnaissance on the target(s). Black box testers are usually intimately familiar with social engineering techniques and knowledge acquisition methods (like dumpster diving).

Focusing on the 'boxes' in interviews is a great way of judging a candidates true level of experience. Ask the candidate for specific examples of their work. Do they freely give previous clients' names? If so, this may be a sign that the candidate doesn't respect Non-Disclosure Agreements.

Most importantly, look for 'out of the box' thinking. Candidates that are able to think on their own and come up with unique solutions to problems are in high demand. (For an example, look at how Scrap & I penetrated the headquarters building of Allison Technologies in Case Of The Tepid Tipster.)

5) Personality, Business and Legal Skills

Your candidate is going to interface with your customer at many levels. Some important things to consider while reading the resume and during the interview:

• Do they have good people skills?
• Do they understand the value of the service they provide to the customer?
• Are they conversational?
• Do they comprehend how important it is to make the customer feel 'at ease' with their presence and service?
• Do they understand the legalities involved in testing?
• Do they have a 'John Wayne' attitude that could get you in trouble? (example: testing outside the scope of the engagement is a no-no!)

6) References, References, References

Ask the candidate for professional (and if possible) client references.


7) What's In Their Toolkit?

Candidates will have their own preference for toolkits, as there are many tools that perform the exact same function. The candidate should have an understanding of tools, and experience using toolkits like Auditor.

Auditor has one of the best (if not the best) selection of tools around. The candidate should have knowledge of at least a few of the tools listed in each category below (taken from the Auditor toolkit):

Footprinting

* Greenwhich
* Whois
* Gnetutil (Network Utilities)
* Itrace (ICMP traceroute)
* Tctrace (TCP traceroute)
* Traceroute
* DNSwalk (DNS verification)
* Dig (DNS lookup)
* Host (DNS lookup)
* NSTXCD (IP over DNS client)
* NSTXD (IP over DNS server)
* Oxyman (DNS tunnel)
* Curl (URL transfer)
* Elinks (Console web browser)
* Konqueror (Web browser)
* Socat (Socket Cat)
* Stunnel (Universal SSL tunnel)
* Arpfetch (SNMP ARP/IP fetcher)
* SNMPWalk (SNMP tree walk)
* TKMib (Mib browser)
* GQ (LDAP browser)
* Komba2 (KDE SMB browser)
* LinNeighborhood (Graphical SMB browser)
* Net utils (NET utilities)
* SMBClient (SMB client)
* SMBGet (SMB downloader)
* Smb4K (SMB share browser)
* Xsmbrowser (Graphical SMB browser)
* nmblookup (Netbios name lookup)
* smbdumpusers (User browser)
* smbgetserverinfo (Get server info)
* Cheops (Network neighborhood)
* NTP-fingerprint (Detection based on ntp fingerprint)
* Nmap (Network scanner)
* NmapFE (Graphical network scanner)
* P0f (Passive OS fingerprinting)
* Queso (OS detection)
* XProbe2 (OS detection)


Scanning

* Cisco global exploiter (Cisco scanner)
* Cisco torch (Cisco oriented scanner)
* ExploitTree search (ExploitTree collection)
* Metasploit (Metasploit commandline)
* Metasploit (Metasploit console GUI)
* Metasploit (Metasploit web interface)
* Nessus (Security Scanner)
* Raccess (Remote scanner)
* Httprint (Webserver fingerprinting)
* Nikto (Webserer scanner)
* Stunnel (Universal SSL tunnel)
* Cheops (Network neighborhood)
* GTK-Knocker (Simple GUI portscanner)
* IKE-Scan (IKE scanner)
* Knocker (Simple portscanner)
* Netenum (Pingsweep)
* Netmask (Requests netmask)
* Nmap (Network scanner)
* NmapFE (Graphical network scanner)
* Proxychains (Proxifier)
* Scanrand (Stateless scanner)
* Timestamp (Requests timestamp)
* Unicornscan (Fast port scanner)
* Isrscan (Source routed packets scanner)
* Amap (Application identification)
* Bed.pl (Application fuzzer)
* SNMP-Fuzzer (SNMP protocol fuzzer)
* ScanSSH (SSH identification)
* Nbtscan (Netbios scanner)
* SMB-Nat (SMB access scanner)
* Ozyman (DNS tunnel)
* Ass (Autonomous system scanner)
* Protos (Protocol identification)

Analyzer

* AIM-SNIFF (AIM sniffer)
* Driftnet (Image sniffer)
* Mailsnarf (Mail sniffer)
* Paros (HTTP interception proxy)
* URLsnarf (URL sniffer)
* smbspy (SMB sniffer)
* Etherape (Network monitor)
* Ethereal (Network analyzer)
* Ettercap (Sniffer/Interceptor/Logger)
* Hunt (Sniffer/Interceptor)
* IPTraf (Traffic monitor)
* NGrep (Network grep)
* NetSed (Network edit)
* SSLDump (SSLv3/TLS analyzer)
* Sniffit (Sniffer)
* TcPick (Packet stream editor)
* Dsniff (Password sniffer)

Spoofing

* Arpspoof (ARP spoofer)
* Macof (ARP spoofer/generator)
* Nemesis-ARP (ARP packet generator)
* Nemesis-Ethernet (Ethernet packet generator)
* CDP (CDP generator)
* DNSSpoof (DNS spoofer)
* Nemesis-DNS (DNS packet generator)
* DHCPX (DHCP flooder)
* Hping2 (Packet generator)
* ICMPRedirect (ICMP redirect packet generator)
* ICMPUSH (ICMP packet generator)
* Nemesis-ICMP (ICMP packet generator)
* Packit (Traffic inject/modify)
* TcPick (Packet stream editor)
* Yersinia (Layer 2 protocol injector)
* Fragroute (Egress rewrite)
* HSRP (HSRP generator)
* IGRP (IGRP injector)
* IRDP (IRDP generator)
* IRDPresponder (IRDP response generator)
* Nemesis-IGMP (IGMP generator)
* Nemesis-RIP (RIP generator)
* File2Cable (Traffic replay)
* Fragrouter (IDS evasion toolkit)
* Nemesis-IP (IP packet generator)
* Nemesis-TCP (TCP packet generator)
* Nemesis-UDP (UDP traffic generator)
* SendIP (IP packet generator)
* TCPReplay (Traffic replay
* Etherwake (Generate wake-on-LAN)



Bluetooth

* BTScanner (Bluetooth scanner)
* Bluesnarfer (Bluesnarf attack)
* Ghettotooth (Bluetooth scanner)
* Kandy (Mobile phone tool)
* Obexftp (Obexftp client)
* Phone manager
* RFComm (Bluetooth serial)
* RedFang (Bluetooth bruteforce)
* USSP-Push (Obex-push)
* XMinicom (Terminal)


Wireless

* apmode.sh (Act as accesspoint)
* Airpwn (Client penetration)
* Hotspotter (Client penetration)
* GpsDrive
* start-gps-daemon (GPS daemon)
* stop-gps-daemon (GPS daemon)
* ASLeap (LEAP/PPTP cracker)
* Genkeys (Hash generator for ASLeap)
* Airforge
* File2air (Packet injector)
* Void11
* Void11-Hopper (Channel hopper)
* GKismet (Graphical wireless scanner)
* GPSMAP (wireless mapping)
* KLV (Kismet Log Viewer)
* Kismet (Ncurses wireless scanner)
* Wellenreiter (Graphical Wireless scanner)
* 802ether (Dumpfile format convertor)
* airodump (Traffic recorder)
* aircrack (Modern WEP cracker)
* Aireplay (Wireless packet injector)
* Wep_Crack (Wep Cracker)
* Wep_Decrypt (Decrypt dump files)
* Airsnort (GUI based WEP cracker)
* ChopChop (Active WEP attack)
* DWEPCrack (WEP cracker)
* Decrypt (Dump file decrypter)
* WEPAttack (Dictionary attack)
* WEPlab (Modern WEP cracker)
* Cowpatty (WPA PSK bruteforcer)
* changemac.sh (MAC address changer)


Bruteforce

* ADMsnmp (SNMP bruteforce)
* Guess-who (SSH bruteforc)
* Hydra (Multi purpose bruteforce)
* K0ldS (LDAP bruteforce)
* Obiwan III (HTTP bruteforce)
* SMB-Nat (SMB access scanner)
* TFTP-bruteforce
* VNCrack (VNC bruteforce)
* Xhydra (Graphical bruteforcer


Password cracker

* BKHive (SAM recovery)
* Fcrackzip (Zip password cracker)
* John (Multi-purpose password cracker)
* Default password list
* Nasty (GPG secret key cracker)
* Rainbowcrack (Hash cracker)
* Samdump2 (SAM file dumper)
* Wordlists (Collection of wordlists)


Forensics

* Autopsy (Forensic GUI)
* Recover (Ext2 file recovery)
* Testdisk (Partition scanner)
* Wipe (Securely delete files)


Honeypot

* IMAP
* POP3
* Honeyd (Honeypot)
* IISEmulator (Honeypot)
* Tinyhoneypot (Simple honeypot)

• View Slide Show

Imagine you were offered a dream job that required you to relocate to your favorite city. Which city would it be? And why?

If you're like most Americans, you might select New York, San Diego, or San Francisco, according to a soon-to-be released survey of 2,500 employees and entrepreneurs across the nation by the Human Capital Institute, a Washington-based think tank and professional association largely made up of human resources professionals.

As the economy softens, this becomes more of a pressing issue because many Americans will find that they may be forced to relocate to find work. But even though some workers may not have the luxury of choice, some cities remain more desirable than others.

Favorite, Least Favorite? New York, New York

Interestingly, New York, which seems to evoke strong feelings in people, also topped the list of America's least favorite places to live and work. Survey-takers who like the Big Apple gave it high marks for entertainment options, professional and personal opportunities, and ease of transportation. Workers who don't like it overwhelmingly point to the high cost of living.

Detroit, which has seen its image only worsen with the collapsing auto industry, was the second-least appealing city, followed by Los Angeles (also No. 5 on the best cities list) and New Orleans.

"People have a love-hate relationship with New York," said Allan Schweyer, the industry group's executive director. "There are still people who think New York isn't part of the United States.…There are people who might think that even if they were offered their dream job in New York, they don't want to go from a 3,000-square-foot house in the suburbs to a 1,200-square-foot apartment."

Leading Factors: Environment, Affordability

The survey is part of the professional organization's 2009 National Talent Markets report, which is meant to help cities determine how to improve and properly market themselves to attract talented out-of-town workers. The most important issue for workers in determining where to relocate is environment, including climate and park space, according to the survey.

Affordability, which was No. 4 in last year's list, is now the second-most important attribute workers consider before relocating, thanks to the economic downturn. Affordability might have something to do with the fact that Las Vegas, where home prices have fallen faster than in most cities, climbed to fourth place on this year's list of America's favorite cities.

Companies often have trouble recruiting out-of-state talent because people—especially older professionals—simply don't like to move. The slumping real estate market has made it even more difficult for many homeowners to move because they can't easily sell their homes. According to the survey, 65% of responders said they were satisfied with the city area where they live now and 67% said they are unlikely to move within the next five years. The most mobile workers are in their mid-20s to mid-30s, have a degree or an advanced degree, earn more than $100,000 a year, and work in science and technology, media and entertainment, or professional services, the report said.

Image Is Also a Part of It

Scott Simmons is vice-president and founding partner of Crist|Kolder Associates, an executive recruiting firm in Chicago, said it's easier to find workers willing to move to big cities such as New York, Chicago, or San Francisco than it is to convince people to move to a midsize city such as Erie, Pa., which is a one-hour 45-minute drive from either Pittsburgh or Cleveland. People on the coasts, especially in California, are reluctant to move, he said. And workers often would rather not move to cold rust-belt cities such as Cleveland, Detroit, and Buffalo, he said.

"Perception is a big deal when it comes to places," said Simmons, adding that it's important to have candidates visit the city before making a decision. "Everybody has preconceived notions…. Everybody thinks Chicago is Siberia when it comes to late fall and winter."

Detroit is a particular challenge, especially now that companies like General Motors (GM) are on the brink of bankruptcy (BusinessWeek, 11/19/08). The city, which also suffers from crime and poverty, is still a one-industry town and could do more to diversify its economy, Simmons said.

Jane Howze, managing director of The Alexander Group, a national executive search firm headquartered in Houston, said workers who are flexible about relocating have a strong advantage in this economy.

"These are times where we're all asked to do more challenging things than we did a year ago," Howze said. "The winners are the ones that step up and do that…. Maybe you take that job and make it a better place than when you got there."

Who's hiring when everyone else is firing?

When Forbes first looked at the most recession-proof jobs in July, there were 8.8 million Americans unemployed. As of October, that number had risen to 10.1 million and looks set to rise further.

Among the 500 largest U.S. public companies alone, Forbes has totted up almost 90,000 layoffs since Nov. 1 (see our Layoff Tracker).

But there are still opportunities, the most abundant being in sales, customer support and accounting, according to the latest data from Jobfox.com, a job board founded by the creator of CareerBuilder.com. These jobs rank highest on a list of most recession-proof.

In Pictures: Top 10 Most Recession-Proof Jobs

"Skilled professionals remain in demand," said Rob McGovern, chief executive of McLean, Va.-based Jobfox.com.

To determine its ranking of its 25 most recession-proof jobs, Jobfox collected a list of more than 4,000 job openings in a 120-day period ended Oct. 28. The report also includes information about current median salary ranges and desired median salary ranges as defined by a random sample of job candidates.

Sales and business development representatives top the list. In tough economic times, it's important for companies to develop the business rather than cower into a corner. The job, which is largely based on commission, pays in a salary range of $55,000 to $65,000 a year.

If peddling goods or services isn't your strong suit, try the frustration end of the business. The holiday shopping season yields a torrent of calls to businesses from customers wanting either information or a refund. Account and customer-support jobs rank No. 2 on the list. The job pays in a range of $25,000 to $35,000.

Sources: Richardson a 'serious contender' for Commerce job

Gov. Bill Richardson of New Mexico is a serious contender for commerce secretary, but he could be tapped for another senior post, two sources close to the transition told CNN Friday.

The sources said they do not consider Richardson's appointment to the Commerce Department to be a done deal.

Richardson, 61, was a candidate for the 2008 Democratic presidential nomination.

Currently in his second term as New Mexico's governor, he previously served as ambassador to the United Nations and energy secretary in the Clinton administration.

Richardson is also considered to be a possibility for the secretary of state post.

Friday, Sen. Hillary Clinton's camp shot down media reports saying that she had already agreed to accept the secretary of state position.

"We're still in discussions, which are very much on track," said Philippe Reines, Clinton's senior adviser. "Any reports beyond that are premature."

The New York Times reported Friday that Clinton would give up her Senate seat and accept the Cabinet post, citing two confidants, who said the decision was made after further consultation with President-elect Barack Obama about the nature of her role and his foreign policy plans.

A Senior Obama aide told CNN there has been no development on a possible Clinton appointment since they informed CNN yesterday she is "on track" to be nominated for secretary of state.

The Wall Street Journal also reported that Timothy J. Geithner will be nominated to be treasury secretary.

Geithner, the president of the Federal Reserve Bank of New York, began working with the Treasury Department in 1988 in the International Affairs division. In 1999 he became under secretary of the treasury for international affairs.

Obama's transition team also appears close to choosing a national security adviser to the White House.

Two sources close to the Obama transition team tell CNN retired Marine Gen. Jim Jones has emerged as the president-elect's leading choice for the position.

The sources said Jones has been given the impression by Obama that the job is his if he wants it. But the officials said there are still private discussions under way and that no final decision has been made.

The discussions are focused on precisely how much power Jones will have in the staff job since he is used to being in a command role. Among his many posts, Jones served for several years as the operational commander for NATO

In Pictures:

Seven Work-Stress Relievers

Star Athletes On Staying Cool Under Pressure

Think you're stressed? Try a day in the life of Rich Gelfond, co-chief executive of IMAX, the large-format film company.

Take Nov. 5, for instance. After his usual 6 a.m. stint at the gym, Gelfond joined his board of directors and audit committee for a two-hour meeting. From there, he headed to a three-hour meeting to finalize third-quarter financials to be announced the next day. In the afternoon, he wrote a script for the conference call and practiced fielding tough questions with his public relations team, all while battle-planning with film executives preparing to launch Madagascar: Escape 2 Africa in 35 newly outfitted digital-projection Regal theaters--IMAX's (nasdaq: IMAX - news - people ) biggest opening to date.

That's pressure. But you don't need to be a top executive like Gelfond to feel stressed out on the job. The American Institute of Stress estimates that stress costs U.S. corporations $300 billion annually in health care costs, turnover and absenteeism.

In Pictures: Seven Work-Stress Relievers

In Pictures: 10 Star Atheletes On Staying Cool Under Pressure

How to cope? We spoke with psychologists and sports stars to find some helpful tactics--no heavy pharmaceuticals allowed. In calmer moments, much of this might seem like common sense. But if you think you've heard it all before, ask yourself: How often do you actually follow the advice?

In the short term, coping with stress is about finding release--or at least some semblance of it. When Gelfond is at his busiest--bouncing between meetings, grappling with the latest technology and dealing with investors--he makes sure he gets an hour in the gym before he starts his day. "Not only do [my workouts] help me to relieve existing stress, they increase my ability to deal with problems that arise throughout the day," he says.

NEW YORK (Reuters) - Morgan Stanley (nyse: MS - news - people ) plans to cut 10 percent of staff in its institutional securities unit and 9 percent in asset management, it said Wednesday, as it copes with a deteriorating economy, disrupted capital markets and falling asset values.

The cuts are in addition to roughly 4,800 jobs eliminated since the middle of 2007 by what was once Wall Street's second-largest investment bank.

It was not immediately clear how many employees will be affected by the latest cuts, or over what time period. A spokeswoman declined to comment. Morgan Stanley employed 46,383 people as of Aug. 31, according to its website.

The change requires it to lower leverage, potentially cutting profitability. The bank has slashed its asset base to below $800 billion from $987 billion at the end of August.

"We're in a period of tremendous dislocation," Co-President James Gorman said at a Merrill Lynch (nyse: MER - news - people ) financial services conference. "We're very mindful of the environment that we live in at the moment, and we will continue to rationalize headcount and costs accordingly."

Goldman Sachs Group Inc (nyse: GS - news - people ), Morgan Stanley's main rival, also became a bank holding company in September. It set plans last month set plans to reduce 10 percent of its staff, or nearly 3,300 jobs.

In late morning trading, Morgan Stanley shares fell 80 cents, or 5.7 percent, to $13.28 on the New York Stock Exchange. They began the year at $53.11.

NO QUICK FIXES

Gorman said the bank holding company structure will allow Morgan Stanley to tap a wider array of funding sources.

He said the company plans to bulk up in retail banking, including through "targeted" acquisitions, and preserve or expand operations in capital raising, cash trading, commodities, corporate credit, equity derivatives, foreign exchange, mergers and acquisitions and rates.

On the other hand, he said Morgan Stanley plans to "reshape" operations in prime brokerage, proprietary trading, principal investments and commercial real estate origination,

In October, Morgan Stanley raised $9 billion from Japan's Mitsubishi UFJ Financial Group Inc, and received $10 billion from the U.S. government's bank bailout plan.

Chief Financial Officer Colm Kelleher said the infusions leaves Morgan Stanley "well-capitalized, with excess capital."

Yet he said the company still faces "incredibly dislocated markets," including "gridlock" in efforts to sell or dispose of troubled assets. "I'm not sure who is buying it," he said.

He also said Morgan Stanley aims to fund half its assets with equity, long-term debt and deposits, up from 26 percent at the end of August.

Many other companies are also seeking more stable funding, and credit card issuer American Express Co (nyse: AXP - news - people ) this week also became a bank holding company.

"There are no quick fixes," Kelleher said. "There is no magic bullet that will suddenly solve the deposit question for institutions that are moving over from wholesale funding." (Additional reporting by Juan Lagorio; editing by Jeffrey Benkoe)

CNN.com has a business partnership with CareerBuilder.com, which serves as the exclusive provider of job listings and services to CNN.com.

Who hasn't looked at his or her paycheck and imagined how much better life would be with a lot more numbers after that dollar sign?

Inevitably, a wise soul -- usually a parent -- tells you that no amount of money will solve your problems.

Of course, you respond, "Let me find out for myself."

If your annual income hovers around the national median of $40,690, you're in the company of millions of Americans. As gas prices, housing costs and other everyday expenses continue to creep up, earning more money isn't just some daydream you harbor in vain. It's a reasonable solution to financial woes and a good way to plan for your future.

To assist your search for financial bliss, we've put together the following list of jobs that earn twice as much as the national median income.

With salaries that fall anywhere between $80,000 and $89,999, here are some possible career opportunities for you as well as their expected growth rate.

1. Associate actuary

What they do: Most often employed by insurance agencies, actuaries use data to calculate the likelihood and expense of an event, such as death or illness, and help formulate an insurance policy based on their findings.
Annual mean income: $81,924*
Projected employment in 2016: 22,000**
Increase between 2006 and 2016: 24 percent

2. Attorney

What they do: Attorneys can choose to concentrate on a variety of specializations, which include tax law, criminal law, civil law, bankruptcy, environmental law and more.
Annual mean income: $88,235
Projected employment in 2016: 844,000
Increase between 2006 and 2016: 11 percent

3. Compensation and benefits manager

What they do: Compensation and benefits managers are human resources specialists who oversee compensation, insurance programs, performance reviews and hiring for their employers.
Annual mean income: $80,011
Projected employment in 2016: 55,000
Increase between 2006 and 2016: 12 percent

4. Economist

What they do: Economists study, analyze and project how individual people, firms, industries and governments spend money and use resources.
Annual mean income: $80,817
Projected employment in 2016: 16,000
Increase between 2006 and 2016: 7 percent

5. Floor broker

What they do: Floor brokers bargain with other brokers over the price of stocks. A sales agent then sells the securities or commodities to an investor for the negotiated price.
Annual mean income: $83,608
Projected employment in 2016: 399,000
Increase between 2006 and 2016: 25 percent

6. Marketing manager

What they do: Marketing managers calculate a need for their company's services in order to stay competitive with other businesses and satisfy customer demand.
Annual mean income: $86,283
Projected employment in 2016: 192,000
Increase between 2006 and 2016: 14 percent

7. Petroleum engineer

What they do: Petroleum engineers work with scientists and other specialists to drill for oil and natural gas using the most efficient methods possible. Their research helps them develop new procedures for drilling and find new locations of oil and gas reservoirs.
Annual mean income: $86,899
Projected employment in 2016: 18,000
Increase between 2006 and 2016: 5 percent

8. Pharmacist

What they do: Based on a doctor's prescription or a patient's needs, pharmacists dispense medication. Physicians and patients rely on pharmacists to answer questions about the necessary dosages and side effects of a medication.
Annual mean income: $88,786
Projected employment in 2016: 296,000
Increase between 2006 and 2016: 22 percent

9. Risk management supervisor

What they do: Organizations employ risk management supervisors to create and monitor insurance programs that address potential financial loss, property damage and legal issues that could arise.
Annual mean income: $85,655
Projected employment in 2016: 570,000***
Increase between 2006 and 2016: 13 percent

10. Veterinarian

What they do: Veterinarians provide health care for family pets, livestock and zoo animals. They provide check-ups, treat diseases and advise caretakers on how to best raise their animals.
Annual mean income: $80,069
Projected employment in 2016: 84,000
Increase between 2006 and 2016: 35 percent

Newly installed White House chief of staff Rahm Emanuel and President-elect Barack Obama. Photo by Charles Rex Arbogast of the Associated Press

llinois Rep. Rahm Emanuel has accepted the job as President-elect Barack Obama's chief of staff, a move ensuring that a seasoned Washington insider with deep knowledge of both Congress and the national political landscape will be at Obama's right hand in the White House.

"Though Rahm understands how to get things done in Washington, he still looks at the world from the perspective of his neighbors and constituents on the Northwest Side of Chicago, who work long and hard, and ask only that their government stand on their side and honor their values," Obama said in a statement announcing the move this afternoon.

Of his decision, Emanuel said: "I'm leaving a job I love to join your White House for one simple reason -- like the record amount of voters who cast their ballot over the last month, I want to do everything I can to help deliver the change America needs."

Emanuel was elected to Congress in 2002 to a strongly Democratic Chicago-area seat once held by legendary Ways and Means Chairman Dan Rostenkowski. He rapidly rose through the ranks of the Democratic Caucus -- serving as the chairman of the Democratic Congressional Campaign Committee in 2006 and then as the Caucus Chairman over the last two years.

But, Emanuel's experience prior to coming to Congress as an elected official may be more instructive when seeking to understand what sort of chief of staff he will be.

During the 1988 election cycle, Emanuel served as national field director at the DCCC under then Chairman Beryl Anthony (Ark.) and then spent the better part of the 1990s affiliated in one way or another with the campaign and then presidency of Bill Clinton.

Emanuel oversaw fundraising during the presidential campaign of Clinton and held several positions in the White House, first as political director, then manager of special legislative efforts, and finally as senior adviser.

One former Clinton Administration official compared Emanuel to a defensive end in football. "Very smart, super quick and agile, but getting hit by him, particularly when you were blindsided, felt like being run over by a truck," said the source.

Over those fifteen years as a staffer, Emanuel earned a take-no-prisoners reputation and a nickname -- "Rahmbo" -- to go with it. At times he was blunt to a fault, and alienated some of his administration colleagues.

House Minority Leader John Boehner (Ohio) seized on Emanuel's partisan reputation to condemn the choice.

"This is an ironic choice for a President-elect who has promised to change Washington, make politics more civil, and govern from the center," said Boehner in a statement.

But, Emanuel allies argue that the image of the Illinois Congressman as a partisan brawler is more myth than reality.

Emanuel regularly speaks with current White House chief of staff Josh Bolton and has even attended a baseball game with the Republican. He counts Sen. Lindsey Graham (R-S.C.), one of John McCain's closest allies, and retiring Rep. Ray LaHood (R-Ill.) as friends. And, Emanuel's allies point to SCHIP legislation and a G.I. Bill of Rights as examples of where he worked across the aisle to secure support.

Our sense on Emanuel is that he is the ultimate political pragmatist. He understands that Obama was elected in part (a major part) due to his promise to change the way politics is conducted in Washington. Does that mean Emanuel's tough minded approach to the intersection of politics and policy change? Absolutely not. But it does mean that Emanuel will understand that reaching across the aisle for Republican support is absolutely essential to Obama's political brand and will look for opportunities to do so.

Emanuel Accepts

Newly installed White House chief of staff Rahm Emanuel and President-elect Barack Obama. Photo by Charles Rex Arbogast of the Associated Press

Illinois Rep. Rahm Emanuel has, as expected, accepted the job as chief of staff to President-elect Barack Obama, according to informed Democratic sources.

Emanuel's hiring ensures that the candidate who ran against the Beltway will have a seasoned Washington hand as his top staffer.

Emanuel was elected to Congress in 2002 to a strongly Democratic Chicago-area seat once held by legendary Ways and Means Chairman Dan Rostenkowski. He rapidly rose through the ranks of the Democratic Caucus -- serving as the chairman of the Democratic Congressional Campaign Committee in 2006 and then as the Caucus Chairman over the last two years.

But, Emanuel's experience prior to coming to Congress as an elected official may be more instructive when seeking to understand what sort of chief of staff he will be.

During the 1988 election cycle, Emanuel served as national field director at the DCCC under then Chairman Beryl Anthony (Ark.) and then spent the better part of the 1990s affiliated in one way or another with the campaign and then presidency of Bill Clinton. Emanuel oversaw fundraising during the presidential campaign of Clinton and served as political director in the White House.

Over those fifteen years as a staffer, Emanuel earned a take-no-prisoners reputation and a nickname -- "Rahmbo" -- to go with it.

House Minority Leader John Boehner (Ohio) seized on Emanuel's partisan reputation to condemn the choice.

"This is an ironic choice for a President-elect who has promised to change Washington, make politics more civil, and govern from the center," said Boehner in a statement.

But, Emanuel allies argue that the image of the Illinois Congressman as a partisan brawler is more myth than reality.

Emanuel regularly speaks with current White House chief of staff Josh Bolton and has even attended a baseball game with the Republican. He counts Sen. Lindsey Graham (R-S.C.), one of John McCain's closest allies, and retiring Rep. Ray LaHood (R-Ill.) as friends. And, Emanuel's allies point to SCHIP legislation and a G.I. Bill of Rights as examples of where he worked across the aisle to secure support.

Our sense on Emanuel is that he is the ultimate political pragmatist. He understands that Obama was elected in part (a major part) due to his promise to change the way politics is conducted in Washington. Does that mean Emanuel's tough minded approach to the intersection of politics and policy change? Absolutely not. But it does mean that Emanuel will understand that reaching across the aisle for Republican support is absolutely essential to Obama's political brand and will look for opportunities to do so.