Security threats are constantly shape-shifting, and companies' security needs are forever morphing and evolving. Just think of it: Each time an organization introduces a new technology, it likely introduces a new security vulnerability. So the demand for security professionals is likely to grow.

That's the message delivered during Source Boston 2010. The three-day conference prides itself on being a small, manageable affair where thought leaders, business visionaries and high-level security professionals can network and share information on topics like "How to Detect Penetration Testers," "NT Object Insecurity" and "Failagain's Island - The Perils of Banking in an Island Nation."

I, of course, queried attendees on the state of IT security jobs. I found people upbeat. As one young penetration tester put it: "We're recession proof."

Here are some key takeaways:

  • Mark Champine, a security and platform architect for a Massachusetts firm, believes the job market has gotten stronger in the last three months. Although he's not looking for a job, he's been getting a steady number of calls from recruiters and headhunters. Last year, he notes, outreach was dead. The skill sets most in demand are broad, from penetration testers or white-hat hackers to security specialists with domain knowledge of PKI, encryption and transport layer security. There's even a need for security pros skilled in authorization and authentication and data protection.
  • On a higher level, Don Bailey, a security consultant with ISEC Partners, and independent consultant Nicolas Andre DePetrillo believe there aren't enough well-rounded security specialists - meaning those who can come into any organization to identify and fix security breaches or vulnerabilities. There's a need, they say, for both security generalists and specialists. "A well-rounded security researcher is imperative," says Bailey. "There aren't enough guys that are well-rounded. There's not one technology that can be accentuated."
  • If you're looking for a job in IT security, at least one rule applies as it would in any other part of IT: Network, network, network. It worked for Jessica Clarke, a malware researcher who found her current job within a month. She emphasized the need to meet and talk to other people, not only on general social networking sites but also on tech destinations like Defcon Forum, where you can join subgroups based on your area code. (Clarke belongs to DC401, which is based on her Rhode Island area code.) "If a company gets seven resumes, they're always going to go with the one that has the referral," she says. "It's all about building networks."

And if you're looking for another networking group, try BeanSec!, an informal meetup of information security professionals, researchers and academics in the Greater Boston area that meets monthly.

-- Sonia R.Lelii