I think the future of this career field is very solid. Up until this point, security has not been a priority of development teams. With compliance requirements such as PCI DSS and new regulatory requirements from groups such as the OCC, this has changed. Developers who understand secure design and development will become the norm rather than the exception, and getting an early start is always good.
In addition, skills such as penetration testing, application assessment and code review will increasingly be in demand. Again -- regulatory and compliance pressures mandate that application level testing be performed, so there will be a need for more capable individuals. Over time, though, these areas will be commoditized and the really valuable skills will be more process-focused. The ability to lead development teams in secure development efforts as well as the ability to help integrate security into the software development lifecycle (SDLC) will become more important than the testing of individual applications.
This was first published in June 2008