Opinion: Where are those infosec jobs?

Computerworld - If you've been reading the news, you might think security and privacy are the industries to be in for the foreseeable future. "The 2008 (ISC)2 Information Security Workforce Study," a paper issued by Frost & Sullivan Consulting, opens with a declamation about "high-profile identity theft and data loss incidents" that'll motivate expansion of the information security field. The easy example is TJX's infamous credit card data breach, news of which the firm withheld until after the 2006 holiday shopping season.

On the surface, there's a lot to push security forward. Examining TJX and other high-profile slop and mistakes, the report deduces that liability for breaches may reach as high as $200 per record disclosed. In theory, this level of risk provides serious motivation for corporate expenditures on information security. Public confidence and brand value arguments for increasing security also make intuitive sense. And regulatory pressures for compliance with various minimum standards of due care for personal, financial, health care and other data have become legion -- requiring, or so you'd expect, the employment of security professionals.

The Frost & Sullivan paper predicts the information security field will experience 10% annual compound growth until at least 2012, leading to more than a million new security positions in the next five years or so. One might think it's time to polish the resume and plan a trip to Vegas based on the anticipated salary bump.

Money well spent?

Reality may not be so kind. Strong growth in security roles and overall IT spending depends on several things, and the report names three as the basis for its predictions: public confidence in organizations, compliance with regulatory and contractual obligations, and return on investment.

Of those three factors, it makes sense that public confidence would be a strong factor to lead security growth. Frost & Sullivan, for instance, claim that "customers expect their data to be protected and have shown that they will leave organizations that violate their trust." And it made an impression on me to watch the long string of events, subterfuge and drawn-out disclosures from TJX about the loss of almost 100 million credit card numbers -- equivalent to one for every three Americans -- that stemmed from the company's failure to simply secure its Wi-Fi. I certainly won't shop there, though I'm happy to patronize retail or online shops that query and authenticate me strongly.

But the rest of the world's not paying that kind of attention. TJX stock is humming along at around $30 with steadily increasing earnings, and bargain hunters still flock to their stores. It seems consumers don't connect the costs in the headlines with the discount on a gotta-have-it blouse or a great pair of slacks.