Skilled and certified information security professionals are finding jobs and getting raises and promotions despite uncertain economic conditions globally, according to a new survey.
“We’ve become more and more digital and we’re creating data at overwhelming rates,” said Horde Tipton, executive director of (ISC)2. “That data creation has resulted in a much greater interest in patrolling, monitoring and administering the complex, diverse environments at enterprises today.”
The (ISC)2 Career Impact Survey was conducted from December 2011 to January 2012 and received responses from security pros in 87 countries. It painted a rosy picture of the job market for security professionals. (ISC)2 found only 7% of information security professionals were unemployed at any point during 2011. Of those surveyed, 72% said their organization hired individuals for information security roles in 2011. In addition, 62% indicated additional permanent or contract security professionals would be sought out in 2012.
Survey respondents said hiring managers are seeking out security pros with operations security background, security management skills and knowledge of access control systems. Network security, secure application development and cloud and virtualization security also were desired skill sets.
In December, hiring managers and career advisors told SearchSecurity.com that highly desired security professionals have skill sets associated with secure application development, the creation of secure mobile applications and knowledge in securing mobile devices in the enterprise. Last year, the 2011 (ISC)2 Global Information Security Workforce Study predicted a need for application security skills. The survey found security pros increasingly involved in software development activities as enterprises make it a priority to reduce application vulnerabilities.
Tipton said the average CISSP is averaging a $98,000 salary as compared to their peers without infosec certifications, who earn approximately $78,000 a year. More people are taking the CISSP examination, but the fail rate is increasing, Tipton said, because the test has become more difficult due to emerging technologies.
Information security job market is difficult for some
Some security professionals continue to struggle even while holding CISSP credentials. Robert Hodges, a Virginia-based security veteran who has held only three positions in more than 30 years in the industry, was laid off from his position in the health care industry in 2010. Hodges said the nature of the job market has changed drastically since he started in information security. Security pros today tend to jump from position to position, landing lucrative work in hot job markets, he said.
“Somewhere along the way I missed the memo that it means nothing to stay loyal to your employer,” Hodges said. “If you are not willing to travel and want to focus on your family, your job options become severely limited.”
Hodges has stayed current on his skills and certifications to avoid being “pigeonholed,” and ultimately becoming irrelevant. Following his job loss, he quickly landed on his feet, taking on the role of IT director at a firm in the financial industry, but he believes security industry veterans are being increasingly laid off for younger talent. Security professionals in government contractor positions are also suffering, said Hodges, who heads the local chapter of the Information Systems Security Association.
“I’ve seen guys go their entire career working at one desk and then suddenly the contract doesn't get picked up,” Hodges said. “All these guys drive UPS trucks until something else comes along, so it can be very difficult.”