The RSA Conference in San Francisco, the big annual get together for the great and the good of corporate IT security, is just getting under way - and I'll be reporting from it all this week.

One of the nice quirks of the event is that each year it chooses an historical theme around IT security - this year the focus is on Edgar Allan Poe. Poe was fascinated by cryptography, often concealing hidden messages in his works, and even once challenged his readers to submit their codes to him - which he then claimed to crack.

It's an interesting choice of mascot for this year's event. Beyond the link with cryptography, Poe is, of course, best known for his stories of threatening Gothic gloom and madness. I'm not entirely sure that's the association the organisers had it mind, but I'm having trouble shaking it off.

Can we recast Poe's horror classic 'The Pit and the Pendulum' as the dilemma faced by CEOs and CIOs - whether to throw more of their budget into the pit of IT security spending or risk being sliced to pieces by the pendulum of customer anger if their infrastructure is breached?

As one of Poe's recurring themes was premature burial, should we be on the lookout for the security threats that we thought we had defeated, that may even now be about to burst from their coffins and cause more havoc (like Conficker, maybe)?

And how to recast the grim 'Nevermore' as uttered by the gloomy bird in The Raven? Perhaps as a dark warning that we'll never win the battle against hackers and virus writers?

Frankly I'm not even going to attempt The Fall of the House of Usher. Figure out an IT security moral from that one yourselves, if you can!

In any case, despite the bleak time suggested by the choice of Poe, there are reasons to be, if not exactly cheerful, then relatively positive about the IT security outlook.

Security is reasonably well funded at the moment - from silicon.com's own exclusive research, unveiled last month, we know that security is a top area of focus for CIOs during 2009. That's in contrast to 2008 when IT governance took the top spot. And a series of data breaches have made CEOs wake up to the need to invest in this area.

Technologies mentioned in the research as being of particular interest include identity and access management, email security, and monitoring and filtering, with biometrics and data encryption.

Still, that doesn't mean security experts have hit the jackpot of unlimited budget. The RSA Conference unveiled a programme to offer passes to the San Francisco event for 25 unemployed security pros, showing that the recession is hitting all classes of techies.

And just because times are tough that doesn't mean the bad guys are going to go easy on businesses - quite the opposite. Tough economic times are often linked to an increase in crime and there's no reason why the electronic world would be immune to that.

A poll of anti-fraud chiefs published by RSA Conference in the run up to the event found that more than half thought fraud attacks have increased because of the global economic problems - and one in three said their organisation had been hit with a data breach in the last 12 months.

It's not just the professionals - consumers also think the economic crisis makes them more at risk of ID theft or fraud, according to separate research conducted by Unisys. This means firms have to work that bit harder to make sure their customers are willing to do business with them electronically. There's still plenty of work to do.

On top of that, now that firms are seriously looking at cloud computing models this will inevitably become an area where security will have to be addressed. As well as figuring out how to defend what organisations already have, there's also a need to work out how to protect new applications. Plus the IT security industry has to justify the money being spent on it and not just rely on scare tactics.

Still, despite all of this, it's worth remembering that as well as all the gloom, Poe is also known for writing the world's first detective story, with his C Auguste Dupin solving the apparently unsolvable case of the murders on the Rue Morgue.

Perhaps security professionals and the industry had better adopt him as their role model rather than some of Poe's other heroes, who had a habit of coming to less than pleasant ends.

 

There's always a lot of discussion about what job CIOs should aim for after their stint as head of IT, and millions of words expended on the thorny issue of whether CIOs have a chance at bagging the prized CEO role.

So it's interesting that a former CIO has landed just such a top job today - and a pretty high profile one as well.

The Football Association has appointed Ian Watmore as its chief executive, due to take up the role in June. Watmore joins the FA from the Department for Innovation, Universities and Skills where he was permanent secretary, and before that he was head of the Prime Minister's Delivery Unit in Number 10.

But before those roles he was better known to us at silicon.com as the government CIO, working out of the Cabinet Office.

Chief executive of the FA is a highly pressured and very public role, and it shows that a technology background is no barrier to scaling the corporate heights.

Not all technology professionals aspire to becoming IT director or CIO, and not all CIOs aspire to be COO or CEO, but Watmore's progress is inspiring to techies that do have that ambition by showing such a career progression can be made.

Tectonic shifts in the way corporate IT is delivered means the career path for CIOs and aspiring CIOs is more complicated than ever. Gone are the days when you could join a firm as a junior programmer and work your way up to IT director over a few decades. Increasingly, organisations are looking outside of the IT department for their CIO, for someone who can bridge the gap between IT and the rest of the business - but this fusion of tech and business also holds out the promise that CIOs can move more freely into other roles, just as Watmore has.

Indeed, its worth pointing out that Watmore's path to government CIO was via Accenture, where he was UK managing director, rather than a more traditional techie route.

It's something we'll be writing a lot more about this year but I'd love to find out what you think too - what is the right career path to follow if you want to be a CIO? And where do you go afterwards? Let me know by posting a reader comment below.