Many of the recent high-profile security compromises have been in the point-of-sale space, Shields notes. "Securing these hardware devices and the software that runs on them takes additional security skills that most general network security engineers do not yet possess," he says.
Hacking experts/penetration testers
The idea of hiring hackers might generate controversy in certain quarters, but people with such knowledge can be valuable to some organizations.
"We're seeing two trends when it comes to new security skills emerging," says John Reed, senior executive director of Robert Half Technology, a provider of professional staffing services. "The first is the demand for ethical hacking. Basically, this is just hiring hackers to do penetration testing on your network to uncover vulnerabilities and then advising organizations on how to correct the issue."
The other trend is an increase in demand for IT forensic examiners, "basically a person who can track down where an intrusion or hack has come from and exactly what has been compromised," Reed says.
Security programs will need people with the skills to help educate users about security risks and vulnerabilities, says John Pescatore, director of emerging trends at The SANS Institute, a research and educational organization. This includes professionals who are good at talking people into doing things they never really did on their own, he says.
"I think we'll see continued growth in demand for people with the 'soft skills' to increase the effectiveness of user awareness and education — what SANS calls securing the human side," Pescatore says.
There are two main reasons for this, Pescatore says. One is that attacks are becoming much more targeted, "and as we've seen in the recent Target and eBay breaches, the target is increasingly people with access — very targeted phishing campaigns," he says. These are conducted not just through email but through phone and social media as well.
Another reason is "the old security awareness way of posters in the lunchroom and annual 'watch this video' didn't work and never will," Pescatore says. "But as people start using smartphones and cloud services at home, there are ways to relate to that use and help them think about reducing their own risk in using these services — versus always focusing on the company's risk. That seems to have better results in changing some user behavior."
How to find the skills you need
One thing about information security that a lot of people agree on is that there's a big need for skilled professionals.
"Most of the demand is across the board; there is a shortage of skilled security people, security people who can actually 'do' security versus pass a multiple-choice test on security," says John Pescatore, director of emerging trends at The SANS Institute, a research and educational organization.