The October issue of Information Security magazine revealed the leading security practitioners in seven different markets and exposed the secrets to their success. We asked each of them where they see the security industry five years from now. Here are their predictions.
Dave Dittrich, Senior Security Engineer and Researcher, University of Washington's Center for Information Assurance and Cybersecurity
"The market will see hackers creating more sophisticated tools. Hopefully, we in the security field will do a better job of educating and training IT people and the public -- and more people will be willing to take the time to educate themselves."
Christofer Hoff, Chief Information Security Officer, WesCorp
"The next five years will bring threats that arrive faster, are more malicious and destructive, and target attack vectors that are ubiquitous, such as common supporting network infrastructure and applications that we all rely on to conduct business. It's going to get much worse before it gets better.
Officially along the same vein as the MCSE credential, MCPT (Microsoft Certified Patch Technician) will enter the information security lexicon as a new career path will formally emerge."
Richard Jackson, Chief Information Protection Officer, ChevronTexaco
"I think I've got a pretty clear picture of what it will be like and I've been articulating this message for a couple years now. There's a convergence of many factors going on, with law and security, that are changing the scope of the position. The CSO of the future will be wearing many hats. CISOs of the past primarily came from technology backgrounds. In the future, they will also need to be a lawyer, marketer, strategist, procurement expert, sales person, negotiator, influencer and more. The message, if it is to be effective, requires an abundance of skills not required in the past."
Patrick Heim, Vice President of Enterprise Security, McKesson Corp.
"I see a lot more consolidation going on. Right now, there are an overwhelming number of small startup companies. From that perspective, I'd say the IT security market is currently a little over-funded, so I'm expecting to see consolidation. There's also a lot of great ideas coming out, but the rate of new novel ideas has slowed somewhat. So, I see incremental improvements in concepts and ideas out there rather than really great ideas."
Edward Amoroso, Chief Information Security Officer, AT&T
"My goal, my hope, is that you'll find more and more firms using security as a market differentiator, as a requirement in everything they do. Security should be something that drives performance reviews for employees. If that's the case, you don't need an information security officer."
Charles M. McGann, Manager of Secure Infrastructure Services, United States Postal Service
"I think we will see more soft perimeters and everybody will become their own security environment."
Dr. Hans-Ottmar Beckmann, Chief Information Security Officer and Corporate Executive Director, Information Technology Centre, Volkswagen AG
"It will be a commodity. Products will be much easier to put together. Viruses, worms and phishing will still exist, but there will be better commodity products you can pluck together -- better dashboards, better firewalls, etc. And people will know more about the risks and how to better handle their security and devices. Today it's easier, but in five years, it will be to the point where my now 83-year-old father will be able to handle a firewall. In big companies, management consoles will tell you when a problem arises in Brazil. There will be more self-healing systems. Antivirus updating will take 30 seconds, not 2 hours."