Employers to seek more security talent in '07

Learn what certifications are growing in demand and how employers are looking at the job market in 2007.

Information security will never go out of style. As long as companies have computing infrastructure, security professionals will be needed to ward off dangers.

But like all other IT careers, the market demands wax and wane and the requirements change. Experts say spending on security will continue to rise – and specialization, compliance knowledge and documented work experience are in demand.

Compliance spending continues

Enterprises continue to pour money into compliance projects, resulting in a need for more security pros, said Ali Pabrai, CEO of ecfirst.com and a member of the advisory committee at CompTIA Security+, the largest developer of vendor-neutral IT certification exams.

"Financial, healthcare and government organizations are aligning their security initiatives with compliance priorities," he said.

Employers are looking for the right talent to specialize in a particular area, Pabrai said. Finding that niche may be key to landing the next big job.

"Businesses are looking for professionals that understand security fundamentals and are specialized in a particular area of technology, such as Cisco, Microsoft or wireless security," he said.

While the initial "compliance binge" has slowed down, professionals who are well-versed in remediation and audits are still needed, said Ed Tittel, a freelance writer, trainer and consultant based in the Austin, Texas area.

In addition to compliance skills, companies are looking for professionals with dual talents in development and security, as well as professionals with security clearances who can fulfill the specialized needs of government agencies and defense contractors, Tittel said.

Experts agree that security spending will continue to increase in 2007, but at a slower pace than in previous years. Tittel estimated that the industry would see a 12-15% growth in the coming year; during the past several years, security spending has increased at least 20% annually, he said.

VoIP, wireless security growth

New eras bring new risks. And as one might expect from the skyrocketing numbers, handheld and wireless devices pose an increasing threat to corporate security, said Neill Hopkins, vice president of skills development for CompTIA.

According to a survey by Fierce-Wireless-Bluefire Wireless Security, 87% of respondents had concerns about the security of email access to corporate server accounts and remote access to corporate networks, Hopkins said. Respondents also had concerns about wireless security and loss or theft of mobile and wireless devices.

Hopkins also warned that companies will be facing threats from increased use of voice-over-Internet Protocol (VoIP) telephony and related technologies that are delivered over converged networks.

"In the IP-based communications environment, the system's functionality resides on standard computing platforms, which are vulnerable to the same types of attacks – viruses, worms, Trojan horses – that plague the data environment," Hopkins said.

Companies adopting IP-based communications solutions should thoroughly re-evaluate security practices and strategies to reduce vulnerability, he said.

Certifications in demand

So what will best prepare would-be security pros for the demands of 2007?

According to Hopkins, the following are the most demanded certifications:

  • CompTIA Security+

  • Global Information Assurance Certification (GIAC) organization's set of credentials

  • Information Systems Audit and Control Association (ISACA)'s Certified Information Systems Auditor (CISA) and the Certified Information Security Manager (CISM)

  • (ISC)²'s Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP) certifications officer, chief security officer or senior security engineer.

  • Product vendor certifications such as Check Point, Cisco Systems and Microsoft

But a certification isn't always enough to guarantee jobseekers a paycheck.

For entry-level jobseekers, Tittel said that skills, knowledge and experience can be more important than certification. He advises network administrators and others hoping to enter the security market to document security-related aspects of their jobs, such as incidents handled, training delivered and audits undertaken, in addition to pursuing certifications.

"Intermediate to advanced credentials like the mid-range SANS certs, CISSP, CISM and so forth represent the first significant stepping stones into a space where certification does register," he said. "But you're wise to recognize that three to five years of relevant, current information security job experience also factors into this equation."

More and more, said Hopkins, employers are looking for candidates who have degrees in IT, ideally focused on information security, and proven on-the-job experience along with great versatility and a broad skill set.

"Technical skills alone are no longer enough for most IT jobs," he said. "IT workers who understand how to use technology to meet business goals, and who can articulate this understanding, are golden in the eyes of employers."
