IT Security Pros Saw Salary Growth in 2009, Plan 2010 Hires

To say 2009 was a tough year for American workers would be an understatement. But if you asked information security professionals how things went for many of them in the past year, a majority would say they held their own. In fact, 55 percent of U.S.-based security professionals recently surveyed by (ISC)²—pronounced "ISC Squared"— actually saw salary increases in 2009, according to a report released March 4.

The report polled over 3,000 global technology security professionals—1,800 of them from the United States. (ISC)² is a nonprofit professional organization for the security industry with 66,000 members globally.

"The results from our latest Career Impact Survey show that in a very difficult economic environment, organizations are placing an even higher value on the work that information security professionals do," W. Hord Tipton, executive director for (ISC)², said in a statement. "It's a sign of the private and public sectors' ever-increasing dependence upon the stability and security of the online world, providing a plethora of career opportunities for knowledgeable, qualified, motivated security professionals."

Nearly 800 of those polled for the survey claimed to have hiring authority, with 50 percent of U.S.-based managers polled saying they expect to hire either full-time employees or contractors in 2010. This is a roughly 6 percent jump from last year's report. In the United States, these hiring managers said they expect to hire three or more security professionals, whereas in 2009 only 13 percent said they would be hiring three or more.

U.S. Respondents were from a wide range of industries, including government (37.8 percent), IT (24.2 percent), professional services (18.2 percent), telecommunications (6.2 percent) and banking (8.2 percent).

Research analyst David Foote of Foote Partners was recently interviewed in a podcast in which he talked about the demand for security jobs in 2010 based on his company's research on IT skills, salaries and certifications. Foote said:

"We track the value of skills and premium pay for skills, and the only segment of IT that has actually gained value, since the recession started in 2007, is security, and it has been progressive. We haven't seen a downturn in its value in one quarter ... It is a tremendous place to be right now. We've asked people exactly what skills they're hiring, and they have given us this list: forensics, identity and access management, intrusion detection and prevention systems, disk file-level encryption solutions, including removable media, data leakage prevention, biometrics, web content filters, VoIP [voice over IP] security, some application security, particularly in small to medium-sized companies, and governance, compliance, and audit."

One of the most telling statistics gathered by the (ISC)² report is the admission by 34 percent of U.S. security workers polled that they think the economy's negative impact has increased their companies' security risks. Where do the risks come from? Hackers and internal employee misconduct, said respondents.

Other key information from the (ISC)² report includes:

• "About half of the respondents (51.1 percent globally; 51.9 percent U.S.) saw their information security budgets decrease somewhat or significantly in 2009, while 36.9 percent (35.7 percent in the U.S.) expect no change in their budgets for 2010. This compares to over two-thirds (72 percent) of respondents who reported in the 2009 survey that their budgets had been reduced last year.
• "Approximately 54 percent (54.6 percent in U.S.) of respondents expect no personnel reductions or layoffs in 2010; while 20 percent (20.8 percent in U.S.) expect additional layoffs, compared to 40 percent of respondents from the previous survey in 2009.
• "Globally, 55.5 percent of respondents said the economic downturn had decreased their security technology purchases in 2009; 30.7 percent of respondents believe the economy will continue to cause decreased purchasing in 2010."

"The biggest challenge these top companies and government agencies face is finding enough of the right people with the right security skills to meet their needs, including security technicians, professionals and managers," Tipton said.