"The other thing that I think we’re starting to finally see is that security is becoming more and more integrated into the other operational areas of IT, whereas if you go back a few years, you needed a staff of absolute security specialists that sort of rode herd on the whole thing," he says. "Now what’s becoming more important is that security is integrated into all facets of the IT operations. It’s that cross-pollination, I think, that’s happening and, as security gets integrated more and more into the mainstream of the organization, you’re going to see that differentiator for people as security specialists in a standalone mode change." That means that no longer will companies need to hire "a team of security killers," but "a bunch of IT professionals with good security awareness," he adds.
So, information-security-savvy IT professionals are going to be in demand, are they? We'll see.
I agree with some of the other points in the magazine article though, such as the change of emphasis from hiring information security managers with pure technical skills to those with business-plus-technical competencies. If you haven't already done it, Mr Information Security Manager, it's high time to take a serious look at doing an MBA or similar qualification through a good business school. At the very least, you'll learn how to speak management doublespeak and perhaps you won't be quite so terrified of phrases like "security strategy" and "business case".