Information Security Careers 2009: Where the Jobs Are

New Report Showcases Top Skills, Certifications, Roles for Experienced Professionals
Information Security Careers 2009: Where the Jobs Are
Jobs in information security -- including architects, analysts and administrators with hot skills and competencies -- are among the IT opportunities offering the most employment security in the current economy.

This is the news from Foote Partners, LLC, a Florida-based research consultancy that focuses on IT compensation and professional workforce trends. Foote has recently released its 2009 IT Skills Trends Report Update, providing analysis and predictions for the top IT skills, certifications and pay.

"The positive story for North American IT labor -- and a better indicator of overall performance in the IT workforce -- is demand trends for specific categories of IT skills," notes David Foote, CEO and Chief Research Officer. "Our trends survey research indicates that the recession has had only a minimal impact on demand for critical IT skills in the areas such as architecture, business process, information security, communications, e-commerce and several ERP and infrastructure specializations".

According to Foote, a few key drivers pushing the demand for information security workforce and career trends include:

  • Security as an enabler of business and data protection: Today, Information Security is more embedded as a critical piece of enterprise risk management, concerned with revenues, business priorities, compliance requirements, data protection and ongoing internal as well as external threats to the organization. As a result, IT security has matured into a new central role within the enterprise. Protecting the company from data loss, breaches and adverse publicity now means IT security going well beyond the traditional perimeter-focused technical role in firewall configurations and antivirus updates.

  • Increased customer awareness and demand for security: With disclosures of security breaches, intrusion and data loss hitting the news every day, customers demand that their vendors and service providers ensure proper security of their IT environment, products and services. Vendors today understand the gravity of risks to corporate reputation, goodwill and loss of customer confidence and, as good business practice, invest in information security to more effectively protect their customers' data and privacy.

  • Compliance and regulations: Federal laws and regulations including SOX, GLBA, FFIEC, FISMA mandate information security, auditing and data protection practices, increasing and sustaining long-term demand for specific security jobs and skills.

  • Risk of non-compliance: Intensifying fines and irrecoverable damages of company brand and reputation force companies to be compliant and invest adequately in security workforce needed to fulfill these requirements.

  • Popularity of virtualization: Accelerating demand for virtual storage, servers, applications and desktops is focusing attention on new security challenges that go well beyond those of the traditional physical computing environment.

The Most Demanded Skills
The security skills and aptitudes that attract the most interest from employers, according to Foote, are the more "hands-on" and technical ones, such as:

  • Forensic Analysis
  • Incident Handling & Analysis
  • Security Architecture
  • Ethical Hacking
  • Network Security
  • Security Management

The Most Demanded Competencies
Hand-in-hand with the most demanded skills come the top competencies needed on the job. These include:

  • Forensics
  • Identity and Access Management
  • Intrusion Detection and Prevention
  • Penetration Testing
  • Threat/ vulnerability Assessment Management
  • Litigation Support (e-discovery)
  • Disk and File Level Encryption Solutions
  • Data Leak Prevention
  • Application Security
  • Governance, Compliance & Audit

10 Most Valued Certifications
The following certifications appear in Foote Partner's Hot List of certifications that are most in demand now, and will likely continue to be through the end of the year:

  1. GIAC Certified Incident Handler
  2. EC-Council/Certified Hacking Forensics Investigator
  3. GIAC Certified Incident Manager
  4. Check Point certified Master Architect
  5. GIAC Certified Forensics Analyst
  6. GIAC Certified Intrusion Analyst
  7. Certified Information Systems Auditor
  8. GIAC Secure Software Programmer
  9. Systems Security Certified Practitioner
  10. Cisco Certified Security Professional

Top Information Security Jobs
The hottest roles include those IT/ security experts who can use business, technology and regulatory compliance experience and knowledge to help drive profit. "For example, with vulnerabilities now rapidly shifting from the operating system to the web browser," Foote says, "demand for proactive secure software and web systems development is growing, driving skills acquisition in access controls, data integrity, system integration, and data loss prevention as well as solutions requiring specialized Java, .Net, C++, and injection coding."

Top jobs, including baseline requirements and potential compensation, include:

1. Security Architect - 10-15 years as an IT professional with seven years in information security, including policy (NIST, DHS), modeling, information security regulatory and compliance (SOX, PCI), with hands-on security technical engineering and operations background.
National Average Salary (64 cities) - $110,150
Bonus - 6%-15% of base salary

2. VP/Director, IT Security - 10-15 years as an IT professional with at least 10 years security infrastructure protection experience and multi-platform knowledge, including minimum of five years security and audit experience with solid knowledge in Sarbanes Oxley compliance, corporate security and network policies and procedures having direct interaction with executive management.
National Average Salary (64 cities) - $170,493
Bonus - 10%-18% of base salary

3. Manager, IT Security - Minimum eight years IT senior professional with at least five years security infrastructure protection experience including multi-platform knowledge - evaluating IT infrastructure and applications and strong experience with identity management solutions, data administration and security methods.
National Average Salary (64 cities) - $118,634
Bonus - 8%-16% of base salary

4. Web Security Manager - six - eight years as an IT senior professional with a broad range of exposure to all aspects of business planning, systems analysis, and application development. At least three years of security experience, including data administration security methods and database design techniques along with strong operational and security knowledge in multi-platform environments.
National Average Salary (64 cities) - $110,718
Bonus - 10%-16% of base salary

5. Data Warehouse and Business Intelligence Security Manager - six - eight years as an IT senior professional with at least two years of security experience infrastructure protection experience including multi-platform knowledge, including data administration security methods and database design techniques.
National Average Salary (64 cities) - $116,276
Bonus - 6%-12% of base salary

6. Senior Security Analyst - Minimum seven years as an IT professional with at least four years of security infrastructure protection and information security audit experience with expertise in multi-platform operational security, as well as data administration and database security methods.
National Average Salary (64 cities) - $94,319
Bonus - 6%-12% of base salary

7. Security Analyst - Minimum five years as an IT professional with at least two years of security infrastructure protection and information security audit experience with expertise in multi-platform operational security, as well as data administration and database security methods.
National Average Salary (64 cities) - $84,560
Bonus - 5%-11% of base salary

8. Senior Security Administrator - Minimum seven years as an IT professional with at least three years of systems security experience, preferably as an administrator working with multi-platform environments, including strong expertise in network administration and security infrastructure protection techniques.
National Average Salary (64 cities) - $81,367
Bonus - 6%-10% of base salary

9 Security Administrator - Minimum five years IT senior professional with one-two years of systems security experience, preferably as an administrator working with multi-platform environments, including solid knowledge of network administration and security infrastructure protection techniques.
National Average Salary (64 cities) - $70,400
Bonus - 4%-7% of base salary

"The compliance drumbeat will always support a certain number of security skills and jobs demand long term," Foote says. "But information security careers are starting to be driven more by companies looking to hire and retain hybrid business and technical security professionals across all security functions.

"Company brands, reputations, revenues, and profits are at stake," he adds. "Security professionals need to be more in tune with an organization's business and not just the traditional IT operational and security functions."


About the Author

Upasana Gupta

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide-range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.




Around the Network