US COMPUTER SECURITY INDUSTRY CREATING JOBS BostonWorks - Jobs, Events, and Information from The Boston GlobeComputer-security threats generate jobs

Industry niche sees a rise in hiring as while awareness grows

By Kimberly Blanton, Globe Staff, 4/25/04

Worms, viruses, domestic hackers, identity theft, international terrorists - security threats sprout and proliferate in the nation's vast web of computer networks. These nefarious forces, while wily and difficult to control, have a bright side: They are generating jobs. Hiring in the computer-security business is rising even as the rest of the technology industry struggles to pull itself out of a slump, executives and security specialists say.

High-tech employment nationwide rebounded in 2003 to 10.3 million, up from 9.9 million the previous year, when some 500,000 employees lost their jobs. While no known jobs data exist in the security-technology niche, spending on security ''has certainly been one of the big drivers of information-technology employment,'' said Bob Cohen, senior vice president of the Information Technology Association of America, which tracks employment trends. Fred Whelan of Whelan Stone, a San Francisco search firm, said he has seen security-related hiring rise steadily during the past year. ''Longer-term,'' he said, ''we're seeing it as a positive employment market.''

Arbor Networks fends off more than 150 worm attacks a day by the ''botnet army'' for clients such as AT&T, IBM, the Pentagon, and others. In an attack, hackers take control of thousands of personal computers connected to broadband cable or a DSL network and unleash the worm, instructing the machines - the army - to flood a company's network with damaging traffic that can shut down its website. ''We detect the worm attack when it starts,'' says Arbor chief executive Tom Arthur, ''trace where it's coming from, and help businesses block it while keeping their networks up.''

Arbor Networks, a private firm in Lexington founded three years ago, has 80 employees and plans to add 16 this year. The company's technology was developed by a University of Michigan professor and one of his students to stamp out what are known in the industry as ''denial-of-service'' attacks, a growing security threat. Arthur predicted he will ''accelerate the hiring into 2005.''

Immediately after the terrorist attacks of September. 11, 2001, the forecasts were that the computer-security business would grow rapidly. However, the tech sector continued to deteriorate and a terrorist-fed security boom failed to materialize.

Three years later, Internet security spending is being driven by heightened awareness in the public and corporate America of the dangers of viruses and the risks of transferring billions of pieces of proprietary customer, personal, and financial data over the Internet.

Investors view security as having huge potential. Venture capitalists poured $391 million into security start-ups in this year's first quarter, more than double the previous quarter, said Updata Capital, which tracks the industry.

The world's tech security industry will generate $11.6 billion in revenues this year, more than double 2001 revenues of $5.7 billion, according to Tthe Yankee Group. And Updata's 30-stock index of security technology companies rose 149 percent over the past year, outperforming the broader Nasdaq index gain of 42 percent.

Federal regulation is also unleashing growth. Congress in recent years has passed major legislation seeking to protect privacy and security for corporations and Americans who go online and to raise security requirements in the United States to the higher standard of existing European regulations. Healthcare and the financial and pharmaceutical industries are spending billions on security to satisfy these new regulations.

''Regulation is huge,'' said Phebe Waterfield, security-industry analyst at the Yankee Group. ''The law is starting to catch up with the technology.''

Regulation is fueling hiring at Bedford-based RSA Security Inc., which has 718 US employees, up from 679 in March 2003. Its primary product is a device that ensures the right people log on only to websites or software to which they are allowed access. When an employee or customer logs on to their computer, the computer asks for a passcode.RSA's handheld security device, which contains a microprocessor, generates and displays a six-digit passcode programmed to synchronize with the computer's password. Since the password in the device changes every 60 seconds, it is impossible to log on without it.

Invented more than a decade ago, the vast majority of the 17 million devices now in use around the globe were sold in the past five years, said John Worrall, vice president of worldwide marketing.

The company has posted seven consecutive quarters of revenue growth, a 30 percent gain during that time, to $71 million in the final quarter of 2004. The company said it has 47 positions open worldwide, mostly in the United States.

At first, hiring at RSA was ''conservative, until we had a better flavor for the overall economic condition and the growth of our business,'' Worrall said. ''We're starting to feel better, and our hiring plans reflect that.''

Much of the growth in Internet security is occurring at small firms, where innovations are leading to myriad products. This segment of the industry is still ''fragmented'' and in the midst of consolidation so hiring by individual companies can be uneven, said Don More, Updata senior vice president. But hackers' ingenuity will create endless demand for new forms of prevention, he said. ''It's definitely a bullish sector from an employee standpoint.''

The world's largest software company, Microsoft Corp., is also pouring money into security. Chairman Bill Gates at a January conference in Prague said security research and development would ''continue to be our top investment priority for years to come.'' Rising demand for the unique skills required of tech-security specialists has created something of a labor shortage for some companies. Employers said it can be difficult to find people with the right combination of software or network experience combined with knowledge of security. When talking about her company's personnel needs, Maria Cirino, Verisign Inc.'s senior vice president, sounds like a high-tech manager from another era - the late 1990s boom.

Verisign, which aquired Waltham-based Guardent this year, is a fast-growing security company that currently has 30 open positions in the security unit headed by Cirino, who founded Guardent. Verisign's security unit remotely monitors customers' systems continually, to hunt down viruses and other attackers, make sure firewalls work, and update antivirus programs.

Open positions at Verisign include remedy and security consultants, programmers, project managers, and salespeople. ''You name it, we need them,'' said Cirino.

Kimberly Blanton can be reached at blanton@globe.com