
Survey: Hiring Managers Struggling To Fill Positions Despite Downturn

Areas of expertise most sought after include operations security, information risk management, and access control systems and methodology, according to (ISC)2 survey
Palm Harbor, Fla., U.S.A., June 4, 2009 - The final results of a survey conducted by (ISC)2 ("ISC-squared"), the not-for-profit global leader in educating and certifying information security professionals throughout their careers, suggest that information security professionals can look forward to a future with new jobs coming onto the market and fewer expected budget cuts. The survey also indicated, however, that hiring managers are struggling to fill positions as candidate salary expectations and skill levels do not meet current demand. Of the more than 2,800 (1,593 U.S.) professionals participating in the survey, 775 had hiring responsibilities, with 44 percent of those looking to hire additional information security staff this year and over 11 percent planning to add more than three people. The areas of expertise most sought after by those seeking candidates were (in order of highest demand): operations security, information risk management, access control systems and methodology, applications and systems development security, and security management practices.

Despite economic conditions, over 80 percent of hiring managers reported that they are challenged in their efforts to find the right candidate. The range of concerns included a lack of desired skills, a lack of available professionals within a local area, and salary demands that were too high for available budgets, particularly from people who had previously worked within the troubled financial services sector.

(ISC)2 conducted the survey in April and May 2009 to gain insight on the impact the economic downturn is having on its certified membership and their employers. Members were asked about the effect on various budgets and their organization and asked about their expectations for the future. They confirmed that outsourcing is having an impact but that activity on this front may be slowing: 30 percent had reported increased levels of outsourcing of security functions, while only 18.7 percent expected the situation to worsen in the next six months.

Over two-thirds (nearly 72 percent) of respondents said their information security budgets had been reduced in the six-month period from October 2008 to March 2009, and roughly half (53.6 percent) revealed that their information security departments had experienced at least one lay-off in the past few months. Looking forward, 62 percent said they did not expect any additional information security budget cuts for the remainder of the year, while nearly 9 percent expected an increase. Fifty-nine percent said no additional personnel cuts would be forthcoming the remainder of the year.

"In this environment, companies may be tempted to make rash security decisions in their panic to cut costs," said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, executive director for (ISC)2. "Organizations are advised to proactively analyze how cuts affect their risk profile and avoid costly repercussions resulting from breaches and mandated reparations."

The survey confirms that companies are making their adjustments at a time when they are experiencing more attacks.

Organizations have experienced an increased impact during the economic downturn across several fronts, including internal hacking against the system (18.4 percent); external attacks against the system (33.3 percent); theft of intellectual property (27.8 percent); and fraud and embezzlement (28.3 percent).

(ISC)2 conducts research regularly to gain insight on the state of the information security workforce and offers programs of support for members seeking new employment and career enhancement. Current resources developed to support job seekers include:

  • Free resume posting and job alerts to certified members on its Career Center (www.isc2.org/careers). Employers can post jobs and search resumes for free as well, giving them a direct line to an audience of qualified information security professionals.
  • Career clinics bringing specialist recruiters and job seekers together in interactive sessions to discuss current market requirements.
  • A "Career Incident Response" podcast series from The Information Security Leaders, an organization devoted to assisting information security professionals in their career development efforts, is being made available to members on the (ISC)2 member site over a six-week period. The series is designed to help professionals recognize a potential "career incident," help prevent one in the future and effectively respond should they fall victim to unexpected job loss.

Initial results from the (ISC)2 career survey were released in late April with a promise to announce the final results upon the survey's completion. The full results can be found here: https://www.isc2.org/uploadedFiles/Career_Survey.pdf.

About (ISC)2

The International Information Systems Security Certification Consortium, Inc. [(ISC)2] is the globally recognized Gold Standard for certifying information security professionals. Celebrating its 20th anniversary, (ISC)2 has now certified over 60,000 information security professionals in more than 130 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP) and related concentrations, Certified Secure Software Lifecycle Professional (CSSLP), Certification and Accreditation Professional (CAP), and Systems Security Certified Practitioner (SSCP) credentials to those meeting necessary competency requirements. (ISC)2 CISSP and related concentrations, CAP, and the SSCP certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)2's CBK, a compendium of information security topics, and is responsible for the (ISC)2 Global Information Security Workforce Study. More information is available at www.isc2.org.