I don't think any industry is immuned to the changes in the economy.  Right now InfoSec is big due to many factors related to the high profile breaches that have occured.  Not to mention the the increase in the hactivism movement, both the passive and extremists sides (Lulzsec).  So we can unfortunately, thank them for their work since it has now given us a plenty of work.  The big companies are shelling out dollars in hopes to make these problems go away but in reality, it will require them to change their mindset on the problem. 

The breaches that occur now that have given way to the newly hated acronym of APT are a new breed of attack.  The guys or gals on the other side of the wire are in this for one thing, money!  They most likely have nothing against the company but either a criminal organization, terrorist group or nation state has provided them with resources to get certain data and do it without detection.  They are highly intelligent and are being paid to bypass security.  They write their own code, use phishing attacks and utilize much patience.  They may wait for 6-12 months before actually taking anything.  They will drop backdoors that will go undetected because the company is still using definition based detection methods.  How do you detect what you don't know? 

The box with the blinky lights will not protect us any longer.  So upper management needs to change their mentality when fighting these threats.  Before they buy more software or hardware to throw at this threat, they need to shore up their current infrastructure.  Segment the big LANs, utilize ACLs on the switches, put your servers on a vLAN that only allows the essential services through to get work done.  Take your most critical data and place it in a tightly secured environment accessible through Citrix but no other way. 

Oh I am digressing a bit, what I am trying to say, eventually the big companies will do one of two things...  They will listen to us and do as we say and implement these new counter measures.  They will clean up the environment to eliminate any foreign presence and they will go on in business.  Or, they will say the cost is too high to proceed, they will not listen to us and go on deleted the malware and blocking websites and eventually that REALLY critical data will go out the door and into someone elses hands.  It will be used maybe by a competitor to help them obtain contracts, or maybe by a terrorist group to use against our own military.  Either way, that will cost the company greatly and possibly force them to close.

So when all these big companies close, there may be a surplus of InfoSec types looking for work.  The small/medium businesses and non-profits will become our bread and butter I think.

This is a great post. I'm still in college but my goal is to one day be a information assurance engineer. Just like every other college kid, I'm a little scared about not finding a job due to many applicants or just having the number of jobs go down.

How do you think security will change in the next 5-10 years?

YtF - the generation of college students graduating now and the next 10 years are to me the ones in the most economic peril. Jobs are slowly disappearing so if security is where you would like to go I would learn (and know cold) as much about every aspect of security as possible, from technical offerings such as metasploit to legal and privacy matters such as regulations of PCI-DSS, etc. It's definitely a broad field yet as I witnessed at BASC this weekend, still somehow is in fledgling stages. At least in terms of recognition.