Many financial indicators are pointing to a looming global recession. This means that companies will be tightening their belts and drastically cutting down on their discretionary spending. What does this mean for the information security industry? And what can CISOs do to recession-proof their security programs?

This means leaner security organizations (yes, that means layoffs), significantly reduced spending on security consultants and contractors, and squeezing the most out of every buck that is spent on information security. It would also mean longer sales cycles for security vendors, with cost taking precedence over functionality. From a CISO's perspective, it means more justification for security budgets, begging other parts of the business to fund security projects, and pushing existing vendors to provide more for the same number of dollars.

Some people see a silver lining to all this. Here is what they say: “When things get tough, businesses will be more likely to focus on what they do best and hand off operational tasks to an outsourcer.” Many on-shore and off-shore providers have had double-digit growth in their managed security businesses in the past. But here is the dirty little secret of security outsourcing – many times it does not save you money. A lot of the time you end up spending the same, if not more, on outsourcing. You could potentially get some cost benefits by working with an off-shore provider, but due to the declining dollar that proposition is also becoming pretty bleak.

We may be better off than other areas of IT because the demand for information security professionals is still outstripping supply, but expect a lot more organizations to pick people from other parts of their organization and move them to information security rather than hiring new people. Unfortunately, this means fewer jobs for all of us – the real security folk.