Products & Releases

Infosecurity Professionals Receive Salary Increases In 2009, Hiring Heating Up In 2010, (ISC)2 Survey Says

Of those hiring, 40 percent say they will be hiring three or more information security professionals this year
SAN FRANCISCO --(Business Wire)-- Mar 04, 2010 Defying expectations amid a global recession, the results of the (ISC)2 2010 Career Impact Survey released today found that more than half of information security professionals surveyed received salary increases in 2009, while less than five percent of participants lost their jobs.

(ISC)2 ("ISC-squared"), the largest not-for-profit membership body of certified information security professionals worldwide with over 71,000 credentials issued to 66,000 members in more than 135 countries, today announced the results of its second survey tracking the impact of the economic climate on salaries, hiring outlook, budgets, threats, technology purchasing and more. Nearly 3,000 security professionals, including more than 1,800 in the U.S., participated.

Globally, more than half of the professionals surveyed, 52.8 percent (55.1 percent in the U.S.), received salary increases in 2009. Less than 11 percent (11.6 percent in the U.S.) of respondents saw their salaries and/or benefits cut, while 4.8 percent (5 percent in the U.S.) were laid off by their employers.

Of the 800-plus respondents who identified themselves as having hiring responsibilities, more than half, 53.3 percent (50.1 percent in the U.S.), said they were looking to hire permanent and/or contract employees in 2010. In the U.S., this is an improvement over the previous year's survey, when 44.5 percent of hiring managers said they expected to be hiring in the second half of 2009.

Of those hiring, 40 percent (41.5 percent in U.S.) said they will be hiring three or more information security professionals this year, compared to the 2009 survey, in which just 13.1 percent said they would be hiring three or more new permanent or contract employees. Over 90 percent of hiring managers globally and in the U.S. said their biggest hiring challenges were finding candidates with the right skills and level of experience. The hiring managers surveyed in the U.S. said that they were looking for candidates with specific skills in these top five categories: operations security; access control systems and methodology; information risk management; applications and system development security; and security architecture and models.

"The results from our latest Career Impact Survey show that in a very difficult economic environment, organizations are placing an even higher value on the work that information security professionals do," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director for (ISC)2. "It's a sign of the private and public sectors' ever-increasing dependence upon the stability and security of the online world, providing a plethora of career opportunities for knowledgeable, qualified, motivated security professionals."

"The biggest challenge these top companies and government agencies face is finding enough of the right people with the right security skills to meet their needs, including security technicians, professionals and managers," Tipton said.

Other findings from the 2010 Career Impact Survey include:

* About half of the respondents (51.1 percent globally; 51.9 percent U.S.) saw their information security budgets decrease somewhat or significantly in 2009, while 36.9 percent (35.7 percent in the U.S.) expect no change in their budgets for 2010. This compares to over two-thirds (72 percent) of respondents who reported in the 2009 survey that their budgets had been reduced last year. * Approximately 54 percent (54.6 percent in U.S.) of respondents expect no personnel reductions or layoffs in 2010; while 20 percent (20.8 percent in U.S.) expect additional layoffs, compared to 40 percent of respondents from the previous survey in 2009. * In the U.S., 34.2 percent of respondents believe the economic downturn is causing an increased security risk within their organization, 37 percent of whom identified outside attacks from hackers as the most common security risk attributed to the economic downturn, compared to 31.3 percent globally. Employee misconduct was identified as the second most common risk by 31 percent in the U.S. Employee misconduct was considered the most common risk globally by 37.7 percent of respondents, who believed there was an increased security risk in their organization. * Globally, 55.5 percent of respondents said the economic downturn had decreased their security technology purchases in 2009; 30.7 percent of respondents believe the economy will continue to cause decreased purchasing in 2010.

The (ISC)2 2010 Career Impact Survey was conducted from December 2009 to January 2010 with 2,980 respondents from 80 countries to gain insights into how the economic downturn affected the profession in 2009 and gauge the 2010 outlook. The most common sectors represented were government at 30 percent (37.8 percent in the U.S.); information technology at 28.5 percent (24.2 percent in the U.S.); professional services at 18.2 percent (15.2 percent in the U.S.); telecommunications at 9.9 percent (6.4 percent in the U.S.) and banking at 11.3 percent (8.2 percent in the U.S.). The majority of respondents' organizations had over 1,000 employees. Ninety-five percent of respondents hold (ISC)2's Certified Information System Security Professional (CISSP') credential.

(ISC)2 conducts research regularly to gain insight into the state of the information security workforce and offers support for its certified members seeking employment and career enhancement, including free resume posting and job alerts on its Career Tools site ( Employers can post jobs and search resumes for free as well, giving them a direct line to an audience of qualified information security professionals.

Aggregate results for the (ISC) 2010 Career Impact Survey can be found at:

About (ISC) '

(ISC) is the largest not-for-profit membership body of certified information security professionals worldwide, with over 66,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC) issues the Certified Information Systems Security Professional (CISSP') and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP'), Certification and Accreditation Professional (CAP'), and Systems Security Certified Practitioner (SSCP') credentials to qualifying candidates. (ISC)'s certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC) also offers education programs and services based on its CBK', a compendium of information security topics. More information is available at

Editors' Choice
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading