Information security is undergoing critical change and practitioners should be shaping their careers now to keep up, IT security professionals at the Gartner Information Security Summit 2009 in London have heard.
Now is an ideal time to plan; to define skills goals and get the necessary training and experience, said Christian Byrnes, managing VP at Gartner.
Security practitioners who want to involved at a code level should be starting or joining companies that provide standards security functions like penetration testing as services, said John Girard, VP and analyst at Gartner.
But those who want to continue to be part of the strategic planning process, will need to develop their skills to enable them to get closer to the business.
The demand for specialist IT security skills will decline as these become commoditised into services, but the need for high-level business oriented security practitioners will continue to grow, said Byrnes.
Security practitioners therefore need to understand how their businesses operate and learn to use new technologies to communicate the risk associated with businesses processes.
The need for high moral and ethical standards cannot be dismissed or underestimated, said Byrnes.
The internet never forgets. Once a security practitioner has a damaged reputation, that will never go away and it will be extremely difficult to fine new career opportunities, he said.
Although the demand for specialist security skills is expected to decline as the number of services increase, the need for basic skills will remain, according to Byrne.
IT security practitioners will still need the ability to assimilate and apply new technologies to new threat and should keep an eye on developments in both arenas, he said.
Tom Scholtz, research VP at Gartner, said although security budgets appear to be holding up reasonably well, budget constraints are likely to be tight for the foreseeable future.
But this will provide IT security practitioners with the opportunity to become more involved in helping businesses to understand the risk of new technologies, he said.
According to Byrnes, success for security practitioners in the next five to ten years depends on being able to integrate into business processes and understand the needs of business.
Security practitioners need to become part of the business machine if they are to be successful in keeping that machine operating, he said.