About a year ago, I wrote a post at Securosis describing the big changes I see coming in the practice of security during the next 10 years. Though we never seem to have a shortage of town criers singing out our industry's doom, I actually think we are at the start of some insanely positive changes. I don't mean nebulous concepts like "influencing the business," "baking in security early," or "getting a seat at the table." I mean honest-to-goodness security technologies and techniques that will not only materially change how we approach security, but are pretty darn interesting and compelling.

These days many security professionals are relegated to roles that often are only tenuously related to directly improving an organization's security. Now, I'm drawing some big generalizations here, but if this doesn't describe your job, the odds are you know someone it does describe. You don't need security experience for managing directory servers, pushing user permissions, configuring firewalls, and other similar tasks. We have already seen those jobs, even some level of packet analysis, handed off to operations teams. More Security Insights

On the other hand, security isn't merely going to transition into a policy-building role. Get too far away from technology and the policies don't reflect reality, and security gets the basement office. The one next to the boiler.

I'm running on the assumption that if you are reading this, you plan on staying in security for 10 years, you enjoy the profession, and you don't want to turn your brain off. Plenty of those jobs will still be out there, but they will keep decreasing over time. No, for those of you that care, the future is bright.

First, a few technology assumptions: These are trends (detailed in the post linked above) I believe will change the practice of security. The first is the growth of big data, and the ability of security teams to collect and analyze large stores of data in real time. The second is the increasing use of cloud computing and the availability of application programming interfaces to manage everything from software-defined networks to point security products. The third is a greater enablement of incident response, including use of tools like active defense and hypersegregation to reduce attackers' abilities to operate freely in our environments once they get in the front door.

... Read full story on Dark Reading


Post a comment to the original version of this story on Dark Reading