Hackers want to bring down your 10,000-page sports-shoe site and scrawl "Slave Labor Inc." across the home page. Competitors are trying to recruit away your top talent by tapping into hidden pages on your corporate site. Worms are threatening to burrow into your extranet, endangering data on your own network and even your partners' networks.

Who you gonna call? Net security gurus.

Information security professionals are critical to the Internet's continuing development, especially e-commerce. To earn and maintain customers' trust, online merchants must write security policies and procedures, specify data-protection products, install firewalls and grind out hack-resistant code. All of these requirements represent career opportunities for tech gurus with a gut feeling for how to keep data safe.

Gauging Demand for Security Pros

The security sector has taken its lumps in the dotcom carnage, but the demand for technical expertise may be a bright spot. "There's been not as much of an easing (in demand for security engineers) as we expected," says Barry Cioe, director of product management at security software maker Symantec in Cupertino, California. Symantec and many of its corporate clients are continuing to look to fill some technical positions in information security.

Ivan Yopp of VeriSign paints a somewhat different picture. "A number of our competitors are having difficulties, unleashing an increased supply of information security pros into the marketplace," says Yopp, employment manager for the Mountain View, California, digital certification firm. His company no longer needs headhunters or agencies to find qualified applicants.

But nearly everyone in the business agrees IT professionals with the right credentials are still in the driver's seat.

Skills and Background Required

"We still have difficulty filling positions that require substantial experience with white-box testing and Mercury Interactive's WinRunner," Yopp says. Experience with PKI (Public Key Infrastructure), Web certificate authority, payment services and distributed processing are also sought after. Knowledge of Internet security software from Check Point Software Technologies is always in demand, according to Mandy Andress, a Dublin, California, consultant and author of Surviving Security: How to Integrate People, Process, and Technology.

"The best candidates are the ones who actually have a combination of software development, networking and security-specific training," says Cioe. In the real world, employers often settle for experience in two of these three areas.

A generic IT background is important to security work. Relevant experience includes Windows 2000 and NT, Unix, Java, C++ and skills in configuring routers and servers. Many successful candidates have been heavily involved in B2B or B2C commerce projects. In college, most information security professionals earned computer science degrees, but others majored in accounting or other business fields, according to Andress.

Finally, a candidate can boost marketability and salary potential by earning certifications such as CISSP (Certified Information Systems Security Professional) and CISA (Certified Information Systems Auditor). The Computer Security Institute is a good place to find information on the profession.

Pay Range

In most geographic markets, positions such as security administrator or security engineer start at around $70,000 per year. A senior security analyst is likely to earn at least $80,000, possibly more than $100,000 in New York City. Top-level positions, such as an enterprise security officer, often pay $110,000 to $140,000 or more.

Should you wager your career on the chance that hackers will continue to cook up new viruses and cyberthieves will keep pilfering credit card numbers from Web sites? Sounds like a safe bet to us.