Monday, August 17, 2009

Security job security Security: Risk and Reward

Security job security

Security: Risk and Reward By Andreas M. Antonopoulos

It's a good time to work in the security field. Nemertes has completed it's research benchmark for the first half of 2009, incorporating interviews with IT and security executives during a recession. The research participants told us that they consider security and compliance spending to be "recession proof", third only to data network and voice/telecom spending. So you keep the data flowing and the phones ringing because you have to. The next area you do not cut, under any circumstances, is security and compliance. While security spending is steady, more and more of it is justified by regulatory compliance. Nevertheless, security paychecks are solid, retention is high and security skill shortages are acute.

In 2009, security paychecks were higher than other categories of IT employees. Our research participants reported the average salary for a senior security professional across the United States as $94,894, while a junior security person will make on average $62,500 per year. Security professionals earn approximately 8% higher salaries than other categories of IT professionals benchmarked in our study. Higher salaries should mean that it is easy to attract top talent, especially in a recession. Yet, surprisingly, more than 20% of companies benchmarked were having difficulty finding and hiring the right security skills. In fact, one fifth of companies have stalled projects because of skill shortages. The hiring difficulties are most acute for companies headquartered outside the United States, where shortages are a universal problem. In the United States, the problem is most acute in the Midwest where 72% of companies are finding it hard to hire the right skills. The West is slightly better with 60% of companies facing some skills shortage. The Eastern U.S. region is the only area where a majority of companies are reporting no skill shortages. Pack your bags, honey, we're heading west!

Another area where security professionals can find jobs is the managed security services and professional services market. Use of managed security services is increasing, with organizations seeking managed security services at a 6% higher rate than in 2007. Despite the recession, or perhaps because of the skills shortage, more companies are looking for outside help. The managed security services companies are therefore even more likely to be hiring competent professionals.

Compliance is driving security spending, the top driver in fact in more than 60% of organizations benchmarked. Compliance (audit results) is also used as the primary metric of success in more than 64% of organizations benchmarked. So if you are a security professional and you want to keep earning those higher salaries, brush up on regulatory compliance. Learn your CFRs and your ISOs and your PCIs and you will be indispensable.

The recession hits all professions and makes it harder for all of use to find employment or stay employed. But security professionals can breathe more easily. Our skills are in high demand, our retention is higher, our salaries are higher and there is growth in some parts of the business, such as professional and managed services

No comments: