(ISC)2, the leading information security certification body, have just published the findings of a survey of the information security job market. Their results indicate that the outlook for profession remains healthy, with new jobs coming onto the market and fewer expected budget cuts. In fact, the findings showed that managers are struggling to fill positions because of skill shortages and excessive salary demands from former banking sector staff.
These findings come as no surprise. The market for information security professionals is one that continues to grow to meet the demands of an expanding problem space. Being primarily driven by incidents and compliance, this growth is neither steady nor smooth. And skills shortages are inevitable in a subject area that’s new, complex and constantly changing. Investment in education and training has also been is short supply for far too long. Companies today rarely invest in staff training, so individuals must manage their own professional development.
All these trends indicate that the market for information security skills and services is likely to be an inefficient one for many years to come. But that’s not all bad. As a successful, self-made millionaire once pointed out to me, there’s money to be made in inefficient markets.