In some ways we outsource security already by relying on software from Webroot, Symantec, McAfee and others to protect our PCs from viruses and other nastiness. Outsourcing data security is just another step along that path, albeit one that requires more interaction than just passively accepting updates to a virus database.

I agree that communication skills will be essential. I also think a certain level of security knowledge will still be required in order to apply those communication skills and have the necessary conversations with the outsource provider, and also to help guide the security scope and / or put security audits in place.

Another example of the job not going away, just changing at the detail level... :hehe: