News Stay informed about the latest enterprise technology news and product updates.

Lack of skilled security pros challenges CISOs to fill specialties

The market for security professionals is hot, but several experts indicate that the talent pool for IT talent with security skills is dwindling.

While the broad job market has been in a funk since the credit bubble burst in 2008, the market for information security professionals has been anything but.

I highly recommend companies implement a mentoring program for young security professionals.

Dan Waddell, senior director of IT Security, eGlobal Tech

According to job market business intelligence firm WANTED Analytics, employers posted more than 4,500 IT security job ads last month. That’s up about 20% from the same period a year ago and roughly nine times as many jobs that were sought in September 2008.

WANTED Analytics said the ten most commonly sought positions that require IT security experience include:

  • Cyber security analyst
  • Cyber security engineer
  • Software engineer
  • Systems engineer
  • Senior cyber security analyst
  • Information technology security specialist
  • Program manager
  • Information security analyst
  • Information assurance engineer
  • Systems administrator

Talent pool dwindling

“We’re at 100% employment in IT security,” said Eric Cowperthwaite, chief security officer at Providence Health & Services. “This is very similar to the IT hiring environment that existed in the late 1990s. Back then, if a candidate knew how to install a Windows NT server they could get hired as a sys admin."

Jay Leek, SVP, chief information security officer at The Blackstone Group would agree. Earlier this summer, Leek had challenges trying to successfully fill an open security position at his firm.

“It's extremely difficult to find good people. It’s been a challenge to work with every recruiting agency I know to even get resumes in front of me that would result in interviews. It's crazy,” Leek said.

Cowperthwaite said that the tight market forces him to focus on efficiency with the resources already in place. “This talent market nearly causes you to not consider opening a new position when you may ordinarily need to. Instead you find other ways to get it done,” he said. “It’s definitely about becoming good at doing more with less."

Dan Waddell, senior director of IT Security, eGlobal Tech and (ISC)² North American Advisory Board Member, advises companies start looking for talent from within, and cultivate them to be the next generation of top-notch security talent, as well as provide the additional training that may be required for entry level candidates.

“We are starting to focus on bringing in young talent (recent college grads with computer science degrees) and offering paid security training as an added incentive to join. We see this as a short-term investment with long-term gains,” Waddell said.

Additionally, to make sure the necessary talent remains available, Waddell recommends a long-term concerted effort to obtain those gains.

“I highly recommend companies implement a mentoring program for young security professionals. Set them up with a mentor to help guide them as they start down their career path. Young professionals will appreciate the mentorship. Senior professionals interested in moving up the management chain can use this experience to help develop leadership skills,” he said.

With most businesses still challenged when it comes to putting proper IT security initiatives in place, and the increased national focus on cyber-espionage, nation-state backed attacks, as well as the need to continue to harden the systems in critical infrastructure industries security expertise is primed to be in demand for some time to come.

“We’re seeing in the federal contracting marketplace a renewed demand for hands-on, technical security engineering skills (reverse malware engineering, penetration testing, vulnerability assessments, etc.). We’re seeing a decrease in demand for security professionals with broad-based skills in areas such as policies and compliance,” Waddell said.

About the author: 
George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter @georgevhulme.

Dig Deeper on Information security certifications, training and jobs

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.