When Mano Paul of (ISC)2 discusses today's top application security challenges, he draws an analogy with sharks. And what he views as the skills needed to tackle today's top threats might surprise you.
The growing IT security profession - which shows virtually no unemployment, according to government data - remains the domain of white and Asian men with a scarcity of women, African Americans and Latinos.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
In the areas of risk management and business continuity, security professionals have advanced significantly since Sept. 11, 2001. But there's still an issue of complacency that needs to be addressed, says Rolf von Roessing, past international vice president of ISACA.
Mobile apps and smartphone security are increasing global concerns. But Dr. Giles Hogben of ENISA says mobile malware mania is a bit overhyped, since mobile is actually more secure than most other platforms currently on the market.
"We find a lot of security professionals saying, 'I'm just going to get another certification, or I'm going to get deeper into this technology skill,'" says researcher David Foote. "That's not going to get you very far."
"Once you identify that person based on the unique characteristics of their face, you could then match it with other databases," privacy advocate Beth Givens says, referring to privacy gaps created by facial recognition technology.
"You need to understand how you are currently using social media in your organization, and how you intend to use it, before you can define policies around social media," says Erika Del Giudice of Crowe Horwath.