I remember after finishing our CS studies we were taken by the Army to take a day long test. We were warned better fail the test unless we are willing to be enrolled. However this might be an isolated case.

In turn, I guess a security professional is more scarce than an average developer. The question is if all security professionals are hired to strenghten systems, or some of them to break it.