The information security profession offers stability and mobility, according to the latest Career Impact Survey by industry and certification body (ISC)².
Only 7% of information security professionals were unemployed at any point during 2011, the survey of more than 2,250 practitioners revealed.
This is almost 100% employment because most of those who were unemployed were not working for personal reasons, said Richard Nealon, a member of the (ISC)² European Advisory Board.
“Although 27% reported an increased in layoffs in the field, we are simply seeing a high degree of mobility, mainly due to rationalisation in organisations, with anyone laid off finding employment almost immediately,” Nealon told Computer Weekly.
Nearly 70% of respondents reported a salary increase in 2011 and 55% said they expect to receive an increase in 2012.
The survey demonstrates that, even in tough economic times, information security professionals are in high demand by hiring managers, said W. Hord Tipton, executive director of (ISC)².
“The demand is from organisations who understand the skillsets of information security professionals are not only paramount to their organisation’s ability to conduct business, but also give them a competitive advantage,” he said.
In 2011, 72% said their organisations hired people specifically for information security roles, and 62% said they are planning to hire more contract or permanent infosec staff in 2012.
Of those hiring, 81% said an understanding of information security concepts is important, followed by technical skills (76%) and directly related experience (72%).
Hiring managers said the top skills they are seeking are operations security (55%), security management practices (52%), access control systems/methodology (51%), security architecture/models (50%), risk management (49%), telecom/network security (45%), applications/system development security (44%) and cloud/virtualisation (35%).
“The survey shows that broad-based information security professionals are in high demand, and anyone working in the sector should take every opportunity they can to broaden their current skills base,” said Nealon.
Despite the demand for information security professionals, he said it is often difficult for young people to get into the profession because most hiring managers are looking for people with experience.
For this reason, Nealon said (ISC)² is working with academic institutions and has set up scholarships to enable young information security professionals to get the technical skills and experience they require for more senior roles.
However, he said it is also up to individuals to take the initiative themselves to gain skills and experience, which may require going into big firms as interns and working for low or no pay.
“There are huge opportunities for people with passion who step up to the mark and get actively involved in the industry,” said Nealon.
More than half of respondents reported increased security risks in 2011, with 38% attributing most of that activity to mobile devices, but around 30% expect information security budgets and equipment purchases to increase in 2012.
“This data reflects the increase in security breaches we saw throughout 2011 and the fact that organizations, both in the public and private sector, are finally realising the importance of implementing sound security programs that should be run by experienced and qualified professionals,” said Tipton