My $.02:
We've heard the politicians mention it with every breath for over 18 months, the media replays it over and over... it almost seemed like a self-fulfilling prophesy that we now have horrible economic times. It also doesn't help that the "irrational exhuberance" of the stock market which caused the tech bubble to burst almost a decade ago just simply moved over to the real estate market. So we were bound to see the same results as we repeated our mistakes.
Well, no matter to whom we point the finger, we're all stuck in this problem together. So what does this mean for tech and security specifically?
Well in my opinion, even in the good times, IT is always first on the chopping block. Even though President-Elect Obama has already mentioned adding to IT as part of his Health Care Plan, what does it mean? Just more money or will his advisors do what most company execs of non-tech companies do... look to "streamline" IT by cutting staff and/or outsourcing. We'll eventually see what the details are of his statement, "How do we gain savings that we can then put into prevention and health IT." At this point, we don't know if his mentioned IT directly is a good or a bad thing.
But even if IT as a whole has issues in 2009, I truly believe security will be one of the few growing areas of a down economy. When people are paranoid about money, they look for companies who can protect their interests, so that way they don't lose what little they have. That means choosing services with more security. Add to that the continued push of government regulations mandating certain security measures, and we should be OK.
So if it is commonly said that normal investors should focus on where the smart money goes, then will too many people move into security? Once again looking back at history, what happened immediately after the tech bubble burst? It seemed like everyone wanted to get their MBAs. Enrollment was huge, because people decided to take the time to get their advanced degree, and why not. People weren't being hired and the yelling from the mountaintops was that IT professionals need to be more business saavy. So instead of constant rejection or simply staying at home doing nothing, it was back to school for many. Now we have a glut of MBAs and not just in the IT field.
So will this trend continue for security? Probably. This means that you really need to bring more to the table than just a resume where you look good on paper. Expand your skills, gain experience, join professional groups like ISSA, Infragrad, OWASP, etc. Hell, in an interview make sure that they know it. Point out to them directly that you have what they need even if they don't know what they're looking for.
As for the forecast in 2009... I think we will all see a downturn in the first quarter, but everyone has a point where they feel enough is enough and they begin to force a recovery. I think that will start to happen in the second quarter. Why? Everyone is being told right now to freeze spending to build up the nestegg for these bad times. Eventually they have to spend it. Then it will all come out like a broken dam. At least I hope it's in time for the next ChicagoCon in May.
(Thanks Jack)
Well, that's enough of my opinions. What are your thoughts on the year that was and the year that will be?Don
OSCP - Offensive Security Certified Professional : Failed my first attempt at the OSCP exam
