While some headlines might scream about a drop in job ads they don't reflect what's happening in the IT security sector.

In the next five years guardians of IT security will almost double, from 1.3 million practitioners now t9 2.1 million by 2008, according to ISC2, or the International Information Systems Security Certification Consortium. In the Asian-Pacific region the number will jump from 372,810 last year to 727,611 in 2008 (a compound annual growth rate of 18.3 percent for 2003 to 2008), only slightly less than the 792,785 in the US and above Europe's 676,341.

ISC2 commissioned the Information Security Workforce Study by IDC (a sister company of Computerworld) which gained 5371 responses from full-time security professionals, with a variety of job titles, in 80 countries.

And if the growth in numbers is good news to IT professionals it is equally promising for security training providers with the study estimating education in the sector will hit $1 billion by 2006 (year-on-year growth of 16 percent) in the US alone.

For 93 percent of the respondent hiring managers, certification is important when selecting security staff. Certifications remove the guesswork in competency and can be critical in terms of legal liability or corporate due diligence, they said. Both vendor-neutral and vendor-specific certifications hold sway with hiring managers.

The growth in e-commerce, intranets, extranets, hacking, spam et al has driven the importance of IT security, the report says, and training in the sector has stayed stronger than in other spheres of IT which took a hit in the post-dotcom slump. "Pockets of higher-growth opportunities, such as security training, will represent a significant opportunity for career advancement and job growth for years to come," the report said.

Not only has IT security remained strong in the last five years, the report said, but security professionals fared better than their other IT counterparts with higher job growth prospects, career advancement, and bigger base salaries.

At the same time, the requirements and qualifications needed for IT security professionals have changed as drastically as the technologies used.

IT security professionals are "bullish" on the benefits of certification and believe the rewards help them achieve challenging and satisfying careers.

However, there are some areas where respondents see the need for additional training and certification, such as security management practices, telecommunications and network security, and business continuity and disaster recovery planning. Also, the emergence of VoIP and the resulting new security vulnerabilities must be understood for the security of operations, respondents said.

They said also that there's a need for more training in specialized security certification in legal, application security and wireless technologies.

Knowledge of management best practices and business-related skills were considered crucial to career progression.