More than half of businesses plan to hire information security staff this year.
According to a survey by (ISC)², the information security profession offers not only stability but upward mobility as nearly 70 per cent of employees in the sector reported a salary increase and 55 per cent expected to receive an increase in 2012. The (ISC)² 2012 Career Impact Survey was conducted from December 2011 to January 2012 among 2,256 respondents.
In terms of hiring, 72 per cent said that in 2011, their organisation hired individuals specifically for information security roles, while 62 per cent said they are looking to hire additional permanent or contract information security employees in 2012.
Of those hiring, 81 per cent said an understanding of information security concepts is an important factor in their hiring decisions, while other top factors included directly related experience (72 per cent) and technical skills (76 per cent).
Richard Nealon, member of the (ISC)2 board of directors, said: “This is good news in a gloomy economic climate. With demand outstripping supply, there is real opportunity to forge a rewarding career, even for newcomers who may not have considered the possibilities, as employers seek to meet their needs.
“I believe the base requirement is passion and a genuine interest for what you are doing, personal integrity, an inquiring mind and a small modicum of common sense. The rest can be developed.”
W. Hord Tipton, executive director of (ISC)², said: “This data reflects the increase in security breaches we saw throughout 2011 and the fact that organisations, both in the public and private sector, are finally realising the importance of implementing sound security programmes that should be run by experienced and qualified professionals.”
Last week, former security minister Baroness Pauline Neville-Jones said that the UK cyber security skills base was "wholly inadequate" and called for a teaching programme to better prepare students for a career in the security industry.
James Lyne, director of strategy at Sophos, said: “The IT security skills gap in today's workforce is a fundamental problem in creating the cyber experts of the future. Introducing understanding of fundamentals, such as logic or basic programming, will be a good foundation to build interest, but this will need to be built upon in courses and skills development all the way up to university level.
“Graduate programmes and other such ways of junior cyber experts gaining initial experience also need to be focused on, as classroom development alone will also not be sufficient. Many of the best cyber experts in the industry today are passionately interested in tinkering and playing with technology to understand what makes it tick. It is a mindset we need to encourage, not just a textbook knowledge.”
The (ISC)² survey found that the top skills managers were looking for were: operations security (55 per cent), security management practices (52 per cent), access control systems/methodology (51 per cent), security architecture/models (50 per cent), risk management (49 per cent), telecom/network security (45 per cent), applications/system development security (44 per cent) and cloud/virtualisation (35 per cent).
“Security is an ever-changing field that requires professionals to expand constantly upon their knowledge of today's advanced threats. Just as importantly, this field also calls for hands-on experience and the business know-how to implement robust security practices across an organisation,” Tipton said.
“While it's a very positive sign that this field continues to grow and is somewhat ‘recession-proof,' one of the biggest challenges that remains is finding enough of the right people with the appropriate security skills to fill the huge void that exists right now. We must continue to build this workforce at an aggressive pace.”