Keith Crosley: There's no single security issue that will dominate, I think. Rather, I believe that IT security will be more central to everyday decisions about technology use and deployment. IT roles, in general, will require candidates to be more cognizant of security risks that come with any enterprise technology. IT staff will also need to be more familar with the compliance landscape - e.g., what regulations, especially around data privacy and protection, does your organization have to comply with and how will you meet those requirements?
David Oxley: I don't think the situation will be all that different in 2-5 years. Compliance, data breaches, and the emerging threat of cyberwarfare will continue to wreck havoc, as will XSS attacks, exploits, etc. People with strong backgrounds in networking, web languages, Linux and Windows system programming, malware reverse-engineering, forensics, and specialized skills in foreign languages, financial industries, and the like will certainly stay busy.
Darrell Jones: I believe that in 2 to 5 years, storage of company data in SAAS or cloud systems will be the most pressing security issues. Organizations that have moved their data into one or both of these systems will desire, or require, proof of data integrity. Penetration testing and social engineering testing will be skills needed by customers to ensure that their systems providers are fulfilling the security needs of their customers.
Robert Newby: People. Security is always about people, and the mistakes they make, maliciously or benignly. Management skills will be what are needed. Technical skills can only go so far, and they are becoming commoditised. Management is something which everyone thinks they can do, but few people can do effectively or well.
Lawrence Pingree: Data leak protection will be the most implemented technology, and a convergence in the security industry occurring now will lead to technology integrations that don't exist today, such as the integration of compliance into and the compliance tools will then select the appropriate compliance/audit policies to enforce.
Robert McArdle: This is the million dollar question, and the person who can answer it will be a wealthy person indeed! For me it is clear that in our daily lifes more and more of the things we use everyday will move onto the web (or "into the cloud" if you prefer buzzwords), and as a result the web will need to be more and more accessible on the move. This will lead to more mobile devices, and stripped down laptops in regular use.
More importantly the current trend of everything we do being online can only increase - we already use the web for email, office applications, hosting pictures, games and social networking. As more and more applications move to the cloud our reliance on the operating system will become less and less, we are already seeing a lot of netbooks running linux variants for example.
As such understanding how to secure a highly mobile userbase using multiple device types to connect to your network, quite often remotely will be key. Another critical area will be to understand all of the attacks that criminals can use to target resources in the web, and how to protect against them.
Of course I could be completely wrong - but here's hoping thats not the case :)
Sebastian Bortnik: In the next few years IT security will be more important issue to organizations. It is time to understand the information security problem, in every company, as a process, as a management matter. In the next years, it will be important to implement security solutions, in different layers, and to mix technical and non-technical controls.
Compliance will be a big thing in this matter too. Certifications like ISO 27000, SOX or PCI are becoming compulsory in a lot of markets and companies.
So, people who can face this scenario, and develope complex solutions to the information will be valued.
You can have compliance experience, and be an auditor. Or you can have exploiting experience to be a pen tester. IT Security is a big thing with a lot of job opportunities.
Shakeel Ali :A recent rise in Cloud and Grid computing has put new challenges for IT security professionals to conform with industry standards, regulations and compliance. Due to their level of complexity, it may require extra skills in understanding the inner workings of the distributed systems and platforms. Similarly, the fast adoption of RFID technology by several Commercial and Government institutions will make a challenging future for IT security professionals.
Richard Stiennon: The security industry is easy to understand. The threats will continue to rise, the investment to counter them will also continue. Learn how to use investigative tools, Palinter, Analyst's Notebook, etc. Get networked. IT security is going to become somewhat militarized so get thinking in a defensive mode.
Vijay Vedanabhatla: Targeted attacks on individuals & businesses. Be it social networks or disgruntled employees, information will be available more easily for malicious purposes. The next generation of hackers will have the focus of stealing money or identity rather than just being geeky!
IT Security - What it Takes to be successful