IT technical skills

Information security: Technical skills highest in demand

Warwick Ashford

Salaries for most information security professionals are continuing to trend upward as demand increases, particularly for technical skills.

According to the latest figures from recruitment specialist Acumin, the skills most in demand are in application security and security architecture.

Demand for application security skills is related to an increasing number of organisations doing business on e-commerce platforms and using applications on mobile devices that need to be locked down.

Skills in incident management, incident response, and security information and event management (SIEM) are also among the most sought-after as organisations see an increase in attacks.

“These types of skills are in huge demand. They are also the hardest to find, and have consequently seen the greatest increases in remuneration,” said Chris Batten, joint managing director of Acumin.

The highest demand is for skills in application security and security architecture

“Anything relating to incident management: reverse engineering of malware, the response to incidents, the forensic analysis of the network and post-incident analysis. We are finding that organisations are really gearing up, including consultancies,” he said.

Perhaps the only exceptions to the upward salary trend, he said, have been at the senior end, where there are more candidates on the market, but the drop-off has been has been fairly slight.

The rise and fall of IT security salaries 

Demand is highest for middle-range candidates, where salaries have been driven by a lack of supply, which Batten ascribes in part to the decline in the number of UK engineering graduates in the past three to four years.

Not only is demand for information security increasing as it becomes more embedded within organisations’ architectures and projects, he said, but at the same time the decline in the number of engineering graduates has meant fewer are feeding into information security.

Another exacerbating factor is that in recent years information security has been failing to bring in people at the apprenticeship level, making it difficult to meet market demand for professionals with two to three years’ experience.

“There was not enough investment in the past two to three years in developing middle-range candidates. Therefore they are very scarce,” said Batten.

In terms of skills demand, the only areas of tail-off in the past year have been in the public sector, as a result of general cuts in spending, and in the less technical aspects of information security.

“Although we expect things to change towards the end of the year, for the past year public sector spending has been flat at best, particularly for consultants,” said Batten.

Security service providers and suppliers

The biggest salary increases paid by security service providers and suppliers is for sales staff. “We have seen continued increase in the demand for good enterprise sales people, both direct and in the channel,” said Chris Batten, joint managing director of Acumin.

There has been a real shift in the more traditional routes to market for suppliers from value added resellers into cloud service providers and datacentre providers, he said. “Consequently, we have seen an increase in the demand for good channel people who understand the value of things like cloud computer and virtualisation.”

This trend has been accelerated in the past year as security suppliers have started talking about the value of embedding security products in cloud services and e-commerce platforms, said Batten. “Channel focus has to change as they are now selling to companies that provide those services,” he said.

Information security spending in recent months has also tended to be more in terms of plugging holes, he said, rather than long-term strategy.

Consequently, there has been a decline in demand for skills in information security management, policy and standards. Also information risk, security management and compliance. “We are seeing a fall in both permanent salaries and contract rates on offer in these areas, particularly for contract work,” said Batten. 

Despite this trend, PCI-DSS skills seem to have increased in demand after being in the doldrums for the past year.

Although contract rates have been down across the board, because contract work is usually associated with project work and most projects are still on hold, Batten said Acumin expects to see some improvement towards the end of the year.

The recruitment firm expects the trend towards technical skills to continue, but several other specific areas such as e-discovery, for example, are likely to also emerge.

Acumin also expects the general demand for information security professionals to continue, if not increase, towards the end of the year.

Despite the recession, we are registering more jobs as security becomes increasingly important

Chris Batten, joint managing director, Acumin

“Despite the recession, we are registering more jobs as security becomes increasingly important,” said Batten.

“However, employers are getting very picky about it. They want someone they can get the most out of without paying top rates,” he said.

This is one of the biggest drivers of the demand for people with mid-range skills and experience. But, according to Batten, there are just not enough people to meet that demand.



Image: Thinkstock


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy