Ray Davidson spent about 20 years working as a liaison between R&D and the IT division at a pharmaceutical company before he was forced into early retirement as part of downsizing plans two years ago. Since then, Davidson said he used his freed up time to get training from the SANS Institute that would complement his strategy/policy level of experience.
To get security news and tips delivered to your inbox,
The Michigan-based scientist turned security professional said he hopes to land a job in education or consulting, but the economy has made the landscape more competitive and ultimately more difficult to land a satisfying job.
"I do think things will get better in come ways," Davidson said. The entry level will continue to be difficult I think - like credit, you need experience to get experience."
While the economic downturn has flooded the market with job applicants, the recently released 2009 ISC2 career survey of 2,800 IT professionals (775 had hiring responsibilities) in April and May 2009 found some uncertainties in the job market.
Don't expect to land a security position with last year's salary expectations, according to the firm. Hiring managers are struggling to fill positions as candidate salary expectations and skill levels are not meeting the current demand. More than 80% of those identified as hiring managers said they are having trouble finding the right candidates.
Security jobs and certifications:
Security skills pay increases despite economic downturn: Despite the dour economy, new skills pay data suggests security managers are benefiting as CIOs look to retrench to survive the tough times ahead.
"Security people who are moving around are finding that the salary bump is not quite what they expected," W. Hord Tipton, executive director at ISC2. "They invest a lot of money in training and education and I think they're looking for some reward back for that, but I don't know whether it will level out or not."
The security job market within the troubled financial services sector also continues to be problem. A security professional who wished to remain anonymous said his firm recently enforced an across the board scaled paycut in addition to several rounds of layoffs over the last year.
"I am starting to see more senior level, experience wise, people looking for work which tells me that cuts are now taking out high performers," he said.
Over the last six months, several surveys documented declining IT security budgets as a result of the dour economic environment. The ISC2 survey found 72% of respondents reporting their information security budgets had been reduced in the six-month period from October 2008 -- March 2009. More than half experienced at least one layoff in the past few months. Still, 62% of respondents said they did not expect any additional information security budget cuts for the remainder of the year.
"Managers in IT security should always be thinking about how to survive with fewer team members; business conditions are always changing," said Andrew Storms, director of security operations at security and compliance auditing vendor, nCircle Network Security Inc. "Cross training and automation are key strategies that every IT staff manager should always keep in mind."
Storms and other experts said the Obama administrations focus on cybersecurity issues may aid in the recovery of the job market.
"IT jobs with companies with government contracts, and those in government agencies should increase," Storms said. "IT staff specializing in specific growth areas, such as internet security and regulatory compliance have some reason to be optimistic about a near term economic recovery."
Positive security job outlook
The ISC2 survey found some positive news for security pros struggling to land the right job. Forty-four percent of respondents said they are looking to hire additional information security staff this year. Operations security topped the list of positions that needed to be filled, followed by information risk management, access control systems and methodology, applications and systems development security and security management practices.
"I tend to believe the glass is still half full," ISC2's Tipton said. "Companies that are suffering at this point have perhaps reached a core level of sustainability in terms of the security curve that could flatten out without any further reductions."
Hard skills matter most in the current economic environment, Tipton said. Network engineers, penetration testing and forensics experts are in demand. Soft skills, such as a security architect who shows some management and technical skills will find work when the jobs picture gets brighter, he said.
Another sign that the economic outlook is improving is the slowing of the practice of outsourcing of certain security functions. Survey respondents said outsourcing will have less of an impact in the future, with 30% reporting increased levels of outsourcing security functions and only 18.7% expecting the situation to worsen in the next six months.
As for Davidson, the job search continues. Davidson said he's getting a license to do computer forensics in the event his desired position doesn't materialize.
"There will be more need for people who can look at log aggregates and determine what is important and what isn't," he said. We'll need people who can distinguish between a vulnerability and a risk and then make the credible case to C level management."