Information Security Careers 2009: Where the Jobs AreNew Report Showcases Top Skills, Certifications, Roles for Experienced Professionals
This is the news from Foote Partners, LLC, a Florida-based research consultancy that focuses on IT compensation and professional workforce trends. Foote has recently released its 2009 IT Skills Trends Report Update, providing analysis and predictions for the top IT skills, certifications and pay.
"The positive story for North American IT labor -- and a better indicator of overall performance in the IT workforce -- is demand trends for specific categories of IT skills," notes David Foote, CEO and Chief Research Officer. "Our trends survey research indicates that the recession has had only a minimal impact on demand for critical IT skills in the areas such as architecture, business process, information security, communications, e-commerce and several ERP and infrastructure specializations".
According to Foote, a few key drivers pushing the demand for information security workforce and career trends include:
- Security as an enabler of business and data protection: Today, Information Security is more embedded as a critical piece of enterprise risk management, concerned with revenues, business priorities, compliance requirements, data protection and ongoing internal as well as external threats to the organization. As a result, IT security has matured into a new central role within the enterprise. Protecting the company from data loss, breaches and adverse publicity now means IT security going well beyond the traditional perimeter-focused technical role in firewall configurations and antivirus updates.
- Increased customer awareness and demand for security: With disclosures of security breaches, intrusion and data loss hitting the news every day, customers demand that their vendors and service providers ensure proper security of their IT environment, products and services. Vendors today understand the gravity of risks to corporate reputation, goodwill and loss of customer confidence and, as good business practice, invest in information security to more effectively protect their customers' data and privacy.
- Compliance and regulations: Federal laws and regulations including SOX, GLBA, FFIEC, FISMA mandate information security, auditing and data protection practices, increasing and sustaining long-term demand for specific security jobs and skills.
- Risk of non-compliance: Intensifying fines and irrecoverable damages of company brand and reputation force companies to be compliant and invest adequately in security workforce needed to fulfill these requirements.
- Popularity of virtualization: Accelerating demand for virtual storage, servers, applications and desktops is focusing attention on new security challenges that go well beyond those of the traditional physical computing environment.
The Most Demanded Skills
The security skills and aptitudes that attract the most interest from employers, according to Foote, are the more "hands-on" and technical ones, such as:
- Forensic Analysis
- Incident Handling & Analysis
- Security Architecture
- Ethical Hacking
- Network Security
- Security Management
The Most Demanded Competencies
Hand-in-hand with the most demanded skills come the top competencies needed on the job. These include:
- Identity and Access Management
- Intrusion Detection and Prevention
- Penetration Testing
- Threat/ vulnerability Assessment Management
- Litigation Support (e-discovery)
- Disk and File Level Encryption Solutions
- Data Leak Prevention
- Application Security
- Governance, Compliance & Audit
10 Most Valued Certifications
The following certifications appear in Foote Partner's Hot List of certifications that are most in demand now, and will likely continue to be through the end of the year:
- GIAC Certified Incident Handler
- EC-Council/Certified Hacking Forensics Investigator
- GIAC Certified Incident Manager
- Check Point certified Master Architect
- GIAC Certified Forensics Analyst
- GIAC Certified Intrusion Analyst
- Certified Information Systems Auditor
- GIAC Secure Software Programmer
- Systems Security Certified Practitioner
- Cisco Certified Security Professional
Top Information Security Jobs
The hottest roles include those IT/ security experts who can use business, technology and regulatory compliance experience and knowledge to help drive profit. "For example, with vulnerabilities now rapidly shifting from the operating system to the web browser," Foote says, "demand for proactive secure software and web systems development is growing, driving skills acquisition in access controls, data integrity, system integration, and data loss prevention as well as solutions requiring specialized Java, .Net, C++, and injection coding."
Top jobs, including baseline requirements and potential compensation, include:
1. Security Architect - 10-15 years as an IT professional with seven years in information security, including policy (NIST, DHS), modeling, information security regulatory and compliance (SOX, PCI), with hands-on security technical engineering and operations background.
National Average Salary (64 cities) - $110,150
Bonus - 6%-15% of base salary
2. VP/Director, IT Security - 10-15 years as an IT professional with at least 10 years security infrastructure protection experience and multi-platform knowledge, including minimum of five years security and audit experience with solid knowledge in Sarbanes Oxley compliance, corporate security and network policies and procedures having direct interaction with executive management.
National Average Salary (64 cities) - $170,493
Bonus - 10%-18% of base salary
3. Manager, IT Security - Minimum eight years IT senior professional with at least five years security infrastructure protection experience including multi-platform knowledge - evaluating IT infrastructure and applications and strong experience with identity management solutions, data administration and security methods.
National Average Salary (64 cities) - $118,634
Bonus - 8%-16% of base salary
4. Web Security Manager - six - eight years as an IT senior professional with a broad range of exposure to all aspects of business planning, systems analysis, and application development. At least three years of security experience, including data administration security methods and database design techniques along with strong operational and security knowledge in multi-platform environments.
National Average Salary (64 cities) - $110,718
Bonus - 10%-16% of base salary
5. Data Warehouse and Business Intelligence Security Manager - six - eight years as an IT senior professional with at least two years of security experience infrastructure protection experience including multi-platform knowledge, including data administration security methods and database design techniques.
National Average Salary (64 cities) - $116,276
Bonus - 6%-12% of base salary
6. Senior Security Analyst - Minimum seven years as an IT professional with at least four years of security infrastructure protection and information security audit experience with expertise in multi-platform operational security, as well as data administration and database security methods.
National Average Salary (64 cities) - $94,319
Bonus - 6%-12% of base salary
7. Security Analyst - Minimum five years as an IT professional with at least two years of security infrastructure protection and information security audit experience with expertise in multi-platform operational security, as well as data administration and database security methods.
National Average Salary (64 cities) - $84,560
Bonus - 5%-11% of base salary
8. Senior Security Administrator - Minimum seven years as an IT professional with at least three years of systems security experience, preferably as an administrator working with multi-platform environments, including strong expertise in network administration and security infrastructure protection techniques.
National Average Salary (64 cities) - $81,367
Bonus - 6%-10% of base salary
9 Security Administrator - Minimum five years IT senior professional with one-two years of systems security experience, preferably as an administrator working with multi-platform environments, including solid knowledge of network administration and security infrastructure protection techniques.
National Average Salary (64 cities) - $70,400
Bonus - 4%-7% of base salary
"The compliance drumbeat will always support a certain number of security skills and jobs demand long term," Foote says. "But information security careers are starting to be driven more by companies looking to hire and retain hybrid business and technical security professionals across all security functions.
"Company brands, reputations, revenues, and profits are at stake," he adds. "Security professionals need to be more in tune with an organization's business and not just the traditional IT operational and security functions."