Salaries are beginning to bounce back for most information security job professionals as companies start to recruit once more and the economy moves slowly out of recession.
|Click here for full stats (.pdf)|
According to the latest quarterly information systems security salary figures from recruitment specialist Acumin Ltd., middle-ranking technical professionals are in particular demand, both in consultancies and end-user companies. However, with the long-flagged cuts in public-sector spending, demand for consultants is down, and top managers' salaries at some consultancies have tumbled as a result.
"We are starting to see real growth in the market," said Chris Batten, joint managing director of Acumin. "This is not just replacing people or correcting an overshoot of redundancies, it is genuine growth. Companies are now seeing an urgent need to get staff on board."
While companies are still quite aggressive in their requirements for new staff, he said, the need to take on new people to get work done is forcing them to be slightly more flexible.
SearchSecurity.co.uk and Acumin have been tracking salary movements over the last 18 months for a broad range of job categories in information security, including end-user sites, consultancies and vendors. Starting at the depth of the credit crunch of 2008, the exercise has taken a quarterly snapshot of the jobs market, based on actual salaries paid for new vacancies rather than advertised salaries.
In recent quarters, while the private sector has largely maintained a recruitment freeze, the public sector has remained buoyant, fuelling demand for consultants with public sector experience. That situation now appears to be reversing.
We are starting to see real growth in the market. Companies are now seeing an urgent need to get staff on board.
joint managing directorAcumin Inc.
"In the public sector, we have seen a huge drop-off in demand for everyone from public-sector-focused salespeople through to consultants working in the public sector. I think this was in anticipation of the government cuts," Batten said.
Even with the government's recent review of security, which identified cyberwarfare as a major threat, public-sector spending is likely to remain flat for some time, he added.
By contrast, private-sector companies are actively recruiting to rebuild the strength of their security teams. The financial services industry, which offloaded a large number of people during the recession, is especially active. "There is visible buoyancy and attitude change in financial services," Batten said. "They are now saying they need new solutions, products and staff."
Smaller companies are also starting to recruit security people in larger numbers. "The gap is narrowing between an SME security manager and one at a larger company," he said, adding that it suggests smaller companies see increasing value from investing in security.
Data from previous quarters appeared to suggest employers favour people with good presentational and managerial skills, who would be able to sell security to the board and the rest of the business. Risk assessment skills also enjoyed a brief period of high demand.
However, the latest figures show a renewed demand for experienced people with strong technical skills, both in consultancies and in end-user sites. At the same time, demand for juniors is flat, and some top manager salaries have dropped slightly. Application security is receiving a high level of attention, said Batten, and so relevant experience in that area is commanding a high premium.
View this chart for the full analysis of salaries (.pdf).