I've often wondered just how much the average IT department budget is spent on security and just got my answer. The Register had a post, Security spending soars, reporting the results of a recent survey by the Computing Technology Industry Association (CompTIA) of 1,070 organizations:
"Spending on security technology, training, assessments, and certification accounted for one-fifth of total technology budgets in 2006, up from 15 per cent in 2005, and 12 per cent in 2004.
Even taking into account increased spending on security to meet tougher compliance regimes, CompTIA figures are much higher than those of other security watchers. Gartner, for example, predicts that security spending will rise to 9.3 per cent in 2007."
I think it's already well known that security positions within IT offer great opportunities and there is going to be growth in this field for quite some time. Aside from the security products already in use (Anti-virus software, firewalls, and proxy servers); the CompTIA report also noted the increased use of intrusion detection systems, physical access control, and multi-factor authentication.
So if you're not well versed in these technologies and have some room in the training budget, it might wise to get "spun up" on at least one of these to round out your skill set; even if IT security isn't your primary role. Both CompTIA and SANS (SysAdmin, Audit, Networking, and Security) Institute offer training in IT security.
Comment Preview