Security recruitment is trending upwards, according to recent UK-specific IT security salary data from Acumin Ltd. In this interview, Acumin's Founder and Managing Director of Operations Chris Batten discusses the trends, including which areas of information security are most likely to continue growing.
More IT security salary data
- Information security salary survey 2008
Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact firstname.lastname@example.org.
IT security salary data: Security recruitment growing
Chris Batten: Generally, 2009 was very dead for them, hardly any
recruitment, obviously, quite a lot of redundancies. We have seen
that now to be slightly more balanced recruitment, bringing
new skills in and an acceptance of technical skill sets actually
whereas previously it was very much focused on more the policy side.
The consultancies have certainly changed attack. Again, we were
recruiting heavily perhaps 18 months ago, then it completely went
dead for some time. Again, a slight swing in skill sets, I would say for
more the policy-orientated and strategic side of information risk
management through to what is now quite a technically focused
consulting team. From the vendor's side we saw, or we continue
to see a lot of consolidation, a lot of acquisitions happening, that
obviously affects the recruiting market quite heavily. Again, over
the last 18 months you have probably seen a significant dip to an
increase in recruiting across the board. Whether or not that is now
in preparation for a likely increase in demand, or whether it is
response to an increase in demand, but those services and products,
who knows yet.
In the consultancy, absolutely. We have found that those drops
off a cliff literally now, as we speak, particularly in the local
authority areas. There are obviously some aspects of central
government and MOD that is that have been asked to expand,
it is critical for them to do so, which is keeping those skill
sets alive in the consultancies and obviously in the product
Yes. I would say, again, the change from being more of a
strategic policy long-term view, certain terms of recruitment
certainly has changed to, ‘I need a gap. I need something filled.
It is a technical solution that I need to implement or make the
most of, and/or I need to recruit to achieve a specific aims rather
than objectives, so I need to get compliance with PCI, for example.
’Short-term, ‘I need to fill something now.’ That, I would say is
the trend of recruitment from the end user that we have at the moment.
I would like to think it would continue because I think technology
and security have had a bit of rough time of it, as of late. We
would like to see it continue. What we are seeing is a lot more
security vendors and search providers coming into specifically Europe
and UK is a big part of that, and therefore, they will be touting their
products and services to end users who hopefully all go and by.
That technology, that technical appreciation within security I would like
to see continue, and I think it will do. It will perhaps move from tactical
operational technologies into maybe larger-scale, longer-term solutions
such as IDM, for example. Yes, I think the technology element is so
integrated now within a lot of the CISO’s control. I think we have seen
that just because of people moving out of the markets through
redundancy, and these things are having to control more. It is
because of that close-knit community, I think those demands will
I believe with two years of experience, up to five or six years of
experience, is really where the demand is, and as we know,
where the demand is it is always in short supply, as well, so they
are tending to push those mid-range salaries higher. The lower
end is pretty stable, if not dipping slightly. Again, maybe like a
training budget for bringing new graduates on, I am speculating,
and the higher end, there is not a significant demand for a CISO
level position, currently. I think those guys are probably well
imbedded, and weather the storm fairly well.
There is always short-term ones like PCI, any kind of compliance
armour. Whether or not that is for the longer-term, I do not know.
A good ground-in with someone with two years is going to be
something like a CSSPI, which gives you the whole range of skill sets,
or which you have to know the whole range of skill sets in order to find
that product cache. We are seeing that those types of qualifications are
becoming more important, not necessarily essential, but more important
for both the consultancies particularly, but also the end user community.
That and a good appreciation of technology to get out there, have a look at
what is available, what is on market, and the hot spots. I mentioned IDM
earlier, perhaps Top Solutions, and see how they are
integrated with an organization to solve specific elements of a risk
We are recruiting all across Europe. We have seen a significant demand
across Europe, not just in the UK, so that tells us that the market is
buoyant, not just a specific area of the UK or a specific geography.
Again, I mentioned earlier, there are more vendors now willing to open
in the market. Reverse psychology says that therefore there is more
investment or investment happening within the security market,
again, to market is an industry feeling that we are getting. It is not, I do not
think, a short-term growth or replacement strategy. This, I think it is an
increase in the market. Yes, I can put my back on the line and say I think
it is going to continue, maybe not at the rate that it is, but I think it will
continue to grow.