Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Lack of available IT security skills despite economy

ISC Squared : 05 June, 2009  (Technical Article)
(ISC)2 skills survey uncovers hiring difficulties continuing in certain specific IT security skills such as information risk management and access control systems
The final results of a survey conducted by (ISC)2 suggests that information security professionals can look forward to a future with new jobs coming onto the market and fewer expected budget cuts. The survey also indicated, however, that hiring managers are struggling to fill positions as candidate salary expectations and skill levels do not meet current demand.

Of the more than 2,800 (615 EMEA) professionals participating in the survey, 775 had hiring responsibilities, with 44 percent of those looking to hire additional information security staff this year and over 11 percent planning to add more than three people. The areas of expertise most sought after by those seeking candidates were (in order of highest demand) operations security, information risk management, access control systems and methodology, applications and systems development security, and security management practices.

Despite economic conditions, over 80 percent of hiring managers identified that they are challenged in their efforts to find the right candidate. The range of concerns included a lack of desired skills or lack of available professionals within a local area; poor cultural fit; and salary demands that were too high for available budgets, particularly from people who had previously worked within the troubled financial services sector.

"Demands on professionals are changing. Companies want more for their investment, and professionals need to keep their skills and expectations in line with what businesses are looking for," said John Colley, CISSP, managing director for EMEA, (ISC)2 . "Training and professional development will be essential for individuals as they manage their careers in this tough economy."

(ISC)2 conducted the survey in April and May 2009 to gain insight on the impact the economic downturn is having on its certified membership and their employers. Members were queried about the effect on various budgets and their organisation and asked about their expectations for the future. They confirmed that outsourcing is having an impact but that activity on this front may be slowing - 30 percent had reported increased levels of outsourcing of security functions, while only 18.7 percent expected the situation to worsen in the next six months. Confirming preliminary findings released in April, budget cuts may also be slowing.

Over two-thirds (nearly 72 percent) of respondents said their information security budgets had been reduced in the six-month period from October 2008 - March 2009, and roughly half (53.6 percent) revealed that their information security departments had experienced at least one lay-off in the past few months. Looking forward, 62 percent said they did not expect any additional information security budget cuts for the remainder of the year, while nearly 9 percent expected an increase. Just over 59 percent said no additional personnel cuts would be forthcoming the remainder of the year.

"In this environment, companies may be tempted to make rash security decisions made in the panic to cut costs. Organisations are advised to proactively analyse how cuts affect their risk profile and avoid costly repercussions resulting from breaches and mandated reparations," said Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, executive director for (ISC)2.

The survey confirms that companies are making their adjustments at a time when they are experiencing more attacks. Organisations have experienced an increased impact during the economic downturn across several fronts, including internal hacking against the system (18.4 percent); external attacks against the system (33.3 percent); theft of intellectual property (27.8 percent); and fraud and embezzlement (28.3 percent).

(ISC)2 conducts research regularly to gain insight on the state of the information security workforce and offers programs of support for members seeking new employment and career enhancement. Current resources developed to support job seekers include:

* Free resume posting and job alerts to certified members on its Career Centre. Employers can post jobs and search resumes for free as well, giving them a direct line to an audience of qualified information security professionals.
* Career clinics bringing specialist recruiters and job seekers together in interactive sessions to discuss current market requirements.
* A "Career Incident Response" podcast series from The Information Security Leaders, an organization devoted to assisting information security professionals in their career development efforts, is being made available to members over six weeks on the (ISC)2 member site. The series is designed to help professionals recognise a potential "career incident," help prevent one in the future and effectively respond should they fall victim to unexpected job loss.

Initial results from the (ISC)2 career survey were released in late April with a promise to announce the final results upon the survey's completion.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo