Professionals Thrive, Enterprises Struggle In Skill-Starved Security MarketProfessionals Thrive, Enterprises Struggle In Skill-Starved Security Market
(ISC)2 study says good security pros are hard to find -- and harder to retain
February 16, 2012
For security professionals, the good news is that highly skilled and experienced workers are hard to find.
For enterprises, the bad news is that highly skilled and experienced security workers are hard to find.
That's the double-edged sword described in the (ISC)2 2012 Career Impact Survey, a survey of more than 2,000 members of the security professionals' organization.
"On one side, skilled security professionals are enjoying a nearly full-employment market, in which job stability is unprecedented and upward mobility is at an all-time high," (ISC)2 reported in a summary of the survey results. "Today’s highly trained and experienced security professional is seeing both a marked increase in salary and abundant opportunities for job growth and change, despite a sluggish economic environment elsewhere in the IT industry."
Among other statistics, the study shows:
* IT security is a nearly full-employment market. Ninety-six percent of the survey respondents are currently employed. Only 7 percent of information security professionals were unemployed at any point during 2011.
* Qualified security professionals can expect to increase their real income. Nearly 70 percent or respondents received a salary increase in 2011. More than half (55 percent) expect to receive an increase in 2012.
* Upward mobility rules. While more than a third of respondents (35 percent) said they changed jobs last year, the majority (53 percent) said they made the change because they had opportunities for advancement.
On the other hand, the tight market for skilled security professionals is making life difficult for enterprises looking to hire them, according to the study.
"[The typical enterprise] is planning to increase its staffing in the coming year and struggling to find qualified candidates," the survey says. "In fact, the search for security professionals with the right level of skills, experience, certification, and salary expectations were all cited as a significant challenge by those who do the hiring."
Among the results published in the study:
* Security is a priority staffing need. Seventy-two percent of respondents said that in 2011, their organization hired individuals specifically for information security roles.
* Hiring is on the rise. Sixty-two percent reported that they are looking to hire additional permanent or contract information security employees in 2012. Roughly 34 percent reported an increase in new hires in 2011 and 51 percent plan to hire permanent information security, staff this year; of those, 62 percent plan to hire one to two people, and 22 percent plan to hire three to four people.
* Security budgets are rising, too. Some 30 percent of respondents expect information security budgets and equipment purchases to increase in 2012.
* Finding the right people is not easy. The majority of those who hire (50.2 percent) said it has been "somewhat difficult" to find the right candidate to fill their open security staff positions. Another 29 percent characterized the search as "very difficult."
* Hiring can be a slow process. Some 44 percent of hiring managers said that it has taken them one to three months to find and hire the right security person to fill an open position, 36 percent said it has taken them three to six months, and 12.5 percent said it has taken six or more months.
"Last year, we estimated that the security industry didn't have half of the people it needs to fill the available positions and do the job effectively," said Hord Tipton, executive director of (ISC)2. "This study shows that not only was that estimate correct, but the need may be even greater than that."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023