Information security is undergoing critical change and
practitioners should be shaping their careers now to keep up, IT
security professionals at the Gartner Information Security Summit
2009 in London have heard.
Now is an ideal time to plan; to define skills goals and get the
necessary training and experience, said Christian Byrnes, managing
VP at Gartner.
Security practitioners who want to involved at a code level
should be starting or joining companies that provide standards
security functions like penetration testing as services, said John
Girard, VP and analyst at Gartner.
But those who want to continue to be part of the strategic
planning process, will need to develop their skills to enable them
to get closer to the business.
The demand for specialist IT security skills will decline as
these become commoditised into services, but the need for
high-level business oriented security practitioners will continue
to grow, said Byrnes.
Security practitioners therefore need to understand how their
businesses operate and learn to use new technologies to communicate
the risk associated with businesses processes.
The need for high moral and ethical standards cannot be
dismissed or underestimated, said Byrnes.
The internet never forgets. Once a security practitioner has a
damaged reputation, that will never go away and it will be
extremely difficult to fine new career opportunities, he said.
Although the demand for specialist security skills is expected
to decline as the number of services increase, the need for basic
skills will remain, according to Byrne.
IT security practitioners will still need the ability to
assimilate and apply new technologies to new threat and should keep
an eye on developments in both arenas, he said.
Tom Scholtz, research VP at Gartner, said although security
budgets appear to be holding up reasonably well, budget constraints
are likely to be tight for the foreseeable future.
But this will provide IT security practitioners with the
opportunity to become more involved in helping businesses to
understand the risk of new technologies, he said.
According to Byrnes, success for security practitioners in the
next five to ten years depends on being able to integrate into
business processes and understand the needs of business.
Security practitioners need to become part of the business
machine if they are to be successful in keeping that machine
operating, he said.
ENDS