What's your favorite part of the job?
The challenge of keeping up with all the changing technology and helping people understand the threat.

Name the first thing you would change?
The image and impression that an IT security professional is a cybercop and that the job is all operational, when in fact we are more strategic, as well as following the needs of the business and using security best practices.

What threats scare you?
An easily exploitable and profitable zero-day threat is number one. I think it's clear that the majority of threats are driven by greed. So, anything that can be quickly and easily exploited that can bring in big dollar signs to the bad guys scares the heck out of me. Rootkits are also nasty. It seems that they are still low on the security scope, so they have obscurity working on their side.

How do you see information security changing?
Clearly we are still in the advent of IT security. New threats come out almost hourly, whether it's related to vulnerabilities in code, viruses, rootkits or social engineering. Hopefully we can recognize these threats, and push for stronger accountability, awareness and laws to combat these issues.



Security certs pay bounces back
Following a dip in early 2006, information security certifications pay rebounded by year end to finish where it started: 8.8 percent of base pay for a single certification.

Getting nervous
Customers are beginning to push vendors harder to secure networks and systems. We believe this will stimulate more hiring and higher pay for security pros in the near future.

Source: Foote Partners 2007 Hot IT Skills and Certifications Pay Index