Security is sort of a fad right now. Like most things organizations freak out about everything up front, and then cut members out of their IT staff later. There will always be a need for security people, and of course new regulations will make sure that security is fresh on their minds. I think the field will grow throughout the next few years and then top off.

My issue is that many “security” professionals really don’t have much of a clue. They know how to do a port scan and run a vulnerability scanner and that is about it. They read a book on security and feel they have enough security knowledge to ward off experienced attackers. Something I find humorous is how many security people I talk to that don’t know much about networking. Come on!

People that are really serious about getting into the security field should start with the basics and remember the three areas of IT: experience, education, and certification. Competition is still pretty tight for jobs so it is best to have as much experience in those three areas as possible. Experience is the most important thing and certification will never totally outweigh education. Learn everything you can from anyone who will show you. Oh, and by the way you should go to at least one Def Con, even if it is just for the experience.