No secret: Software security is a field to keep an eye on

By Scott Sargis
Published In The Chicago Tribune
December 12, 2001

Among the deluge of layoffs, one field continues to be resilient: information technology/ software security.

Over the last several weeks, we have been deluged by requests from employers seeking everyone from chief security architects to vice presidents of security.

Before Sept. 11th, some estimates were that between 25,000 and 60,000 IT security Jobs were left unfilled in the U.S. due to a lack of qualified candidates. Many point to this lack of trained security personnel as the cause of increasing numbers of successful hacks and intrusions.

The cost of security breaches is up 50 percent over last year, according to a recent Computer Security Institute/FBI survey.

Since Sept. 11th companies fearful of the next terrorist attack have even created positions where none before existed. Many companies including Aon Corp., Spherion Corp., and KPMG LLP all are desperately in need.

Though outsourcing security is an option for some, it doesn’t make sense for all enterprises.

Officials at large, global financial concerns such as Barclays Capital Inc., are facing new security regulations such as those imposed by the Gramm-Leach Bliley bank law reform act of 1999.

They prefer retaining in-house security, and this means more time and money being devoted to uncovering key security talent.

Though each company requires its own very specific set of security skills and certificates, some credentials stand out. One of the most sought after is Certified Information Systems Security Professional.

Also, most of our clients have demanded candidates with diverse software development and security backgrounds including multiple operating systems and the ability to tie together mainframes, Unix-based Systems, PCs, handheld devices, smart cards and the Web.

Recruiters will be breaking down your door if you’ve got development experience in the areas of distributed client/server processing, enterprise security, user authentication, biometrics authentication, remote access security, resource access control and enterprise systems management.

If you are a candidate desiring to join the field, return to school and learn the appropriate skills. Also, volunteer your time for ongoing projects to learn cutting-edge skills.

Get involved with such organizations as the System Administration and Networking and Security institute(

Now is a great time to start learning, even if you’re a beginner. The demand for people with information security skills is only going to increase.