Professional Monitor in association with (ISC)2
Professional Monitor in association with (ISC)2

Iain Sutherland, founder of specialist recruiters Information Security Solutions, sees Government jobs taking up the slack, while competition stiffens everywhere.

In recent months, I have noted an influx of CVs from the US and countries outside the EU. Technically they are good, but they lack the knowledge of the legal and regulatory differences here, particularly when it comes to privacy. At the same time, many foreign companies in the City have pulled operations back home. It is safe to say there is upheaval in the security job market.

But all is not lost, as the public sector has stepped into the breach. The Government – keen both to sort out the data leakage issues and to invest in the economy – is leading recruitment efforts now.

This is not necessarily good news for the US or other international hopefuls (government generally requires candidates to be vetted). It is good news for people on the move in the UK. Some sectors are holding steady – healthcare, pharmaceuticals, oil and gas, even retail, boosted by PCI.

Companies that have only recently embraced information security as a priority because of something like PCI, have put people in place who are having a bigger influence over their employers' recognition of risk and adding to the demand for new people in this field.

Some specialist fields are also in demand: good penetration testers, forensics experts and secure software development specialists. There is a serious shortage of people with the right qualifications for the last, given the growing dependency on web-based applications.

Competition for most roles has skyrocketed. We typically see 40 solid candidates for a given role, compared to half a dozen a few years ago. People must ensure they have qualifications to avoid being filtered out. Emphasis is on hands-on experience, even for management – employers want people to do both.

And finally, skills should be kept up to date and new skills acquired. CVs should only show current skills and skills you wish to be quizzed on. For senior roles, we now see a three-phase interview process, with a specialist examining you on the softer skills, another drilling down on the technical knowledge and perhaps the hiring executive ensuring you match the organisation's culture. The interviewee should focus on what they are expert at now, relevant to the role they are applying for, and not be sidetracked by a discussion of something they used to do but would have to brush up on.

While upheaval cannot be denied, skilled information security professionals continue to be in demand, giving us all good reason to be optimistic.