Survey: Security Salaries Are Up
Government is hiring specialists
The survey also confirmed that the U.S. government is hiring many information security professionals this year.
The International Information Systems Security Certification Consortium, Inc., (ISC)² released its 2010 Career Impact Survey Results at the RSA Conference in San Francisco.
The (ISC)2 2010 Career Impact Survey, conducted in December and January, attracted almost 3,000 respondents from 80 countries, including about 700 respondents from the U.S. government.
Some 53% of those surveyed said they received salary increases in 2009, while only 5 percent had a cut in their salary or benefits last year.
Reasons behind raises
"Salaries rose in 2009 and hiring is expected to increase in 2010 because top companies and government agencies have realized information security professionals are critical to effective security," says Marc H. Noble, (ISC)2 director of government affairs.
Given the Obama Administration's growing emphasis on cybersecurity, the job outlook for information security professionals within the federal government remains strong.
Some 60 percent of federal managers said they plan to hire two and more information security professionals in 2010, and 61 percent of those indicated they are hiring professionals with expertise in certification and accreditation.
About 47% of hiring managers from various sectors surveyed worldwide said they were seeking recruits who are well-versed in information risk management.
Skills sought
The hiring managers from various sectors worldwide also said that they were looking for candidates with specific skills in:
- Security architecture and models;
- Applications and system security development security;
- Operations security, access control systems and methodology;
- Telecommunications and network security; and
- Information risk management and security management practices
Nearly 80% of hiring managers said their biggest hiring challenge was finding candidates with the right skills and level of experience.
To fill this gap in hiring information security professionals, Noble suggests "focusing recruiting efforts on students with potential in the field, as well those working adults in related fields who have both work experience and business acumen."
Among other key findings:
- Some 47% of those surveyed expect no change in their information security budgets for 2010. By comparison, about 51% of respondents reported that their budgets had been reduced somewhat or significantly last year.
- Close to 33% of respondents believe the economic downturn is causing an increased security risk within their organization. Some 31% of these respondents identified outside attacks from hackers as the most common security risk attributed to the economic downturn.
- Employee misconduct (38%) was considered the second most common risk by responders who believed there was an increased security risk in their organization.
- Some 48% of respondents said the average time to hire and find the right candidate for an information security position is one to three months.