News Stay informed about the latest enterprise technology news and product updates.

Employers to seek more security talent in '07

Learn what certifications are growing in demand and how employers are looking at the job market in 2007.

Information security will never go out of style. As long as companies have computing infrastructure, security professionals will be needed to ward off dangers.

Businesses are looking for professionals that understand security fundamentals and are specialized in a particular area of technology such as Cisco or Microsoft or wireless security.
Ali Pabrai,
advisory committee memberCompTIA Security+

But like all other IT careers, the market demands wax and wane and the requirements change. Experts say spending on security will continue to rise – and specialization, compliance knowledge and documented work experience are in demand.

Compliance spending continues

Enterprises continue to pour money into compliance projects, resulting in a need for more security pros, said Ali Pabrai, CEO of and a member of the advisory committee at CompTIA Security+, the largest developer of vendor-neutral IT certification exams..

"Financial, healthcare and government organizations are aligning their security initiatives with compliance priorities," he said.

Employers are looking for the right talent to specialize in a particular area, Pabrai said. Finding that niche may be key to landing the next big job.

"Businesses are looking for professionals that understand security fundamentals and are specialized in a particular area of technology, such as Cisco, Microsoft or wireless security," he said.

Security jobs:
Podcast: Security certifications pay could rebound in '07

Security clearance means more $$$

Outsourcing: Understanding the business risks

Better VoIP training needed, SANS director says

Information Security Quizzes

While the initial "compliance binge" has slowed down, professionals who are well-versed in remediation and audits are still needed, said Ed Tittel, a freelance writer, trainer and consultant based in the Austin, Texas area.

In addition to compliance skills, companies are looking for professionals with dual talents in development and security, as well as professionals with security clearances who can fulfill the specialized needs of government agencies and defense contractors, Tittel said.

Experts agree that security spending will continue to increase in 2007, but at a slower pace than in previous years. Tittel estimated that the industry would see a 12-15% growth in the coming year; during the past several years, security spending has increased at least 20% annually, he said.

VoIP, wireless security growth

New eras bring new risks. And as one might expect from the skyrocketing numbers, handheld and wireless devices pose an increasing threat to corporate security, said Neill Hopkins, vice president of skills development for CompTIA.

According to a survey by Fierce-Wireless-Bluefire Wireless Security, 87% of respondents had concerns about the security of email access to corporate server accounts and remote access to corporate networks, Hopkins said. Respondents also had concerns about wireless security and loss or theft of mobile and wireless devices.

Hopkins also warned that companies will be facing threats from increased use of voice-over-Internet Protocol (VoIP) telephony and related technologies that are delivered over converged networks.

"In the IP-based communications environment, the system's functionality resides on standard computing platforms, which are vulnerable to the same types of attacks – viruses, worms, Trojan horses – that plague the data environment," Hopkins said.

Companies adopting IP-based communications solutions should thoroughly re-evaluate security practices and strategies to reduce vulnerability, he said.

Certifications in demand

So what will best prepare would-be security pros for the demands of 2007?

According to Hopkins, the following are the most demanded certifications:

  • CompTIA Security+

  • Global Information Assurance Certification (GIAC) organization's set of credentials

  • Information Systems Audit and Control Association (ISACA)'s Certified Information Systems Auditor (CISA) and the Certified Information Security Manager (CISM)

  • (ISC) ² 's Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP) certifications officer, chief security officer or senior security engineer.

  • Product vendor certifications such as Check Point, Cisco Systems and Microsoft

    But a certification isn't always enough to guarantee jobseekers a paycheck.

    For entry-level jobseekers, Tittel said that skills, knowledge and experience can be more important than certification. He advises network administrators and others hoping to enter the security market to document security-related aspects of their jobs, such as incidents handled, training delivered and audits undertaken, in addition to pursuing certifications.

    "Intermediate to advanced credentials like the mid-range SANS certs, CISSP, CISM and so forth represent the first significant stepping stones into a space where certification does register," he said. "But you're wise to recognize that three to five years of relevant, current information security job experience also factors into this equation."

    More and more, said Hopkins, employers are looking for candidates who have degrees in IT, ideally focused on information security, and proven on-the-job experience along with great versatility and a broad skill set.

    "Technical skills alone are no longer enough for most IT jobs," he said. "IT workers who understand how to use technology to meet business goals, and who can articulate this understanding, are golden in the eyes of employers."

  • Dig Deeper on Information security certifications, training and jobs

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.