
Professionals Thrive, Enterprises Struggle In Skill-Starved Security Market

(ISC)2 study says good security pros are hard to find -- and harder to retain

For security professionals, the good news is that highly skilled and experienced workers are hard to find.

For enterprises, the bad news is that highly skilled and experienced security workers are hard to find.

That's the double-edged sword described in the (ISC)2 2012 Career Impact Survey, a survey of more than 2,000 members of the security professionals' organization.

"On one side, skilled security professionals are enjoying a nearly full-employment market, in which job stability is unprecedented and upward mobility is at an all-time high," (ISC)2 reported in a summary of the survey results. "Today’s highly trained and experienced security professional is seeing both a marked increase in salary and abundant opportunities for job growth and change, despite a sluggish economic environment elsewhere in the IT industry."

Among other statistics, the study shows:

* IT security is a nearly full-employment market. Ninety-six percent of the survey respondents are currently employed. Only 7 percent of information security professionals were unemployed at any point during 2011.

* Qualified security professionals can expect to increase their real income. Nearly 70 percent of respondents received a salary increase in 2011. More than half (55 percent) expect to receive an increase in 2012.

* Upward mobility rules. While more than a third of respondents (35 percent) said they changed jobs last year, the majority (53 percent) said they made the change because they had opportunities for advancement.

On the other hand, the tight market for skilled security professionals is making life difficult for enterprises looking to hire them, according to the study.

"[The typical enterprise] is planning to increase its staffing in the coming year and struggling to find qualified candidates," the survey says. "In fact, the search for security professionals with the right level of skills, experience, certification, and salary expectations were all cited as a significant challenge by those who do the hiring."

Among the results published in the study:

* Security is a priority staffing need. Seventy-two percent of respondents said that in 2011, their organization hired individuals specifically for information security roles.

* Hiring is on the rise. Sixty-two percent reported that they are looking to hire additional permanent or contract information security employees in 2012. Roughly 34 percent reported an increase in new hires in 2011, and 51 percent plan to hire permanent information security staff this year; of those, 62 percent plan to hire one to two people, and 22 percent plan to hire three to four people.

* Security budgets are rising, too. Some 30 percent of respondents expect information security budgets and equipment purchases to increase in 2012.

* Finding the right people is not easy. The majority of those who hire (50.2 percent) said it has been "somewhat difficult" to find the right candidate to fill their open security staff positions. Another 29 percent characterized the search as "very difficult."

* Hiring can be a slow process. Some 44 percent of hiring managers said that it has taken them one to three months to find and hire the right security person to fill an open position, 36 percent said it has taken them three to six months, and 12.5 percent said it has taken six or more months.

"Last year, we estimated that the security industry didn't have half of the people it needs to fill the available positions and do the job effectively," said Hord Tipton, executive director of (ISC)2. "This study shows that not only was that estimate correct, but the need may be even greater than that."

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories.
