Salaries for information security professionals remained steady from the middle to the end of 2011, with little change in rates paid for new appointments, but while most people were happy to hang on to their jobs last year, in 2012 more workers are now looking to make a move.
It gives end-user companies a bit more ammunition when they push for more money for security
in their organisations.
The findings come from the November 2011 snapshot of the employment market by specialist recruitment consultancy Acumin. They show the lowest recorded level of pay fluctuation since 2008. (SearchSecurity.co.UK began a partnership with Acumin to report IT security pay rates in the UK security market in 2008.)
Chris Batten, managing director at London-based Acumin, said despite the flat pay levels, more people are looking to change jobs in the hope of improving either pay or working conditions.
“My feeling is that people are feeling frustrated," Batten said. "They have been under the cosh for a while, and companies are using the current reported economic situation to push their staff harder, and restrict travel and expenses.”
Batten said an increasing number of candidates are submitting CVs. At the same time, companies are advertising more vacancies. “A lot of companies want to recruit, but salaries and packages are not being increased,” he said.
Earlier in 2011, the public sector and large corporations imposed austerity measures and froze recruitment, Batten said, and most new recruitment, including information security recruitment, was confined to small- and medium-sized companies.
“August was extremely quiet, but now the picture is changing," he said. "The SMEs have done their recruiting and now the larger organisations, both vendors and end-user companies, are beginning to recruit more.”
According to Batten, the upswing in recruitment is happening across IT industry sectors, and mainly entails companies starting to rebuild their security teams, adding one or two new people at a time. Batten said the general higher awareness of security breaches and the government’s promotion of cybersecurity in various programmes helped bring the subject to the attention of senior management, and thereby helps CISOs justify increasing their headcounts.
“When the government discusses this subject, whether it’s talking about cybercrime or cyberbullying at schools, it gives end-user companies a bit more ammunition when they push for more money for security in their organisations as well," Batten said. "Although the public sector is not spending, its voice is having a good effect on the rest of the market.”
Most companies would prefer to increase their permanent headcount of security people, but where budgets are tight, companies are taking on more contract staff to help with specific short-term needs. This is why, for the first time, the Acumin data includes pay levels for contract staff, as shown in the accompanying table. The table shows the daily rates that contractors might expect to earn in a range of different roles. The figures do not include agency commission the client company would pay.
Batten said he expects contract day rates to begin climbing over the coming months, although they will not reach levels seen before the credit crunch of 2008.
“Day rates for contracts have taken a big hit over the last three years, and remain flat at the moment,” he said. “I expect them to start to rise, although we won’t go back to the days when a CLAS consultant’s rate could be £650 a day.”