The 20 Hottest Security Skills and Competencies

Application Security and Biometrics on the 2010 Wish List What will be the hottest skills and competencies within information security in 2010?

Application security and biometrics are among the in-demand skills, according to the latest quarterly published list of the 2009 IT Skills Pay and Demand Trends Report by Foote Partners, LLC.

Unlike other technology job segments, there will be plenty of action for IT security workers in 2010 as employers -- constrained by hiring restrictions -- narrow their search to specific skills and competencies.

"Biggest news is that information security is our top pick in 2010 for 'best place' to be in IT," says David Foote, CEO and chief research officer of Foote Partners.

"Organizations are more focused on filling critical skill needs than jobs in 2010," Foote says.

As employers increasingly hone in on the skills they most critically need, they identify the work, followed by identifying which hard and soft skills are needed to get that work done. Finite resources and business pressure for quicker, high-impact, predictable execution will dictate expeditious retaining, hiring or even renting skills to fill the gaps with full-time or part-time employees, contractors, consultants or managed security services in some instances.

According to Foote, a few key drivers pushing the demand for information security workforce and career trends in 2010 include:

  • Security as an enabler of business and data protection: Today, Information Security is more embedded as a critical piece of enterprise risk management. As a result, IT security has matured into a new central role within the enterprise and opened the door for security positions requiring more of a business or product development orientation. Protecting the company from data loss, breaches and adverse publicity now means IT security going well beyond the traditional perimeter-focused technical role in firewall configurations and antivirus updates.

  • Increased customer awareness and demand for security: With disclosures of security breaches, intrusion and data loss hitting the news every day, customers demand that their vendors and service providers ensure proper security of their IT environment, products and services. Organizations today understand the gravity of risks to corporate reputation, goodwill and loss of customer confidence and, as good business practice, invest in information security to more effectively protect their customers' data and privacy.

  • More compliance and regulations: Federal laws and regulations including SOX, GLBA, FFIEC, FISMA mandate information security, auditing and data protection practices. They are expanding, increasing and sustaining long-term demand for specific security jobs and skills.

  • Risk of non-compliance: Intensifying fines and irrecoverable damages of company brand and reputation force companies to be compliant and invest adequately in security workforce needed to fulfill these requirements.

  • Increased demand for managed services: Impressive three-year growth projections mean momentum will build even more in 2010 for a variety of managed IT security services, increasing demand for jobs and skills acquisitions principally in the IT services industry.

The Top 20

The security skills, aptitudes and competencies that are likely to attract the most interest from employers in 2010, according to Foote, are both hands-on technical and business-specific. In alphabetical order they are:

  1. Application Security
  2. Biometrics
  3. Data Leak Prevention
  4. Disk and File Level Encryption Solutions
  5. Ethical Hacking
  6. Forensic Analysis
  7. Governance, Compliance & Audit
  8. Identity & Access Management
  9. Incident Handling & Analysis
  10. Intrusion Detection and Prevention
  11. Litigation Support (e-discovery)
  12. Network Security
  13. Penetration Testing
  14. Regulatory Compliance & Audit
  15. Secure Code Development
  16. Security Architecture
  17. Smart cards, Disposable Passwords, Tokens
  18. Threat/ Vulnerability Assessment Management
  19. VOIP Security
  20. Web Content Filters

"In 2010, jobs will largely be based on skill applicability," says Foote. If potential job seekers go by the traditional job search by title, they are sure to miss potential job opportunities. "Let skills lead your job search, and build your presence on social media sites to engage the attention of hiring organizations."


About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.




Around the Network