Information security professionals maintained job stability and mobility in 2011. This trend is set to continue in 2012 as companies further recognize the importance of sound security policies amid more breaches, finds a new (ISC)² survey.
The non-profit IT security organization found that only 7 percent of IT security professionals were unemployed at any point during 2011, and almost 70 percent reported a salary increase. 55 percent of respondents also expected to receive an increase in salary this year.
Of the respondents, 72 percent also stated that last year, their organization had hired individuals specifically for IT security roles and a majority of respondents, at 62 percent, indicated they were looking to hire more permanent or contract information security employees in 2012.
The survey was conducted from Dec. 2011 to Jan. 2012, gartnering 2,256 respondents gain insights into how economic conditions and security threats affect the information security profession in 2011 and predict 2012's outlook. 28.9 percent of companies were from the government sector, followed by information technology at 28.5 percent and professional services at 18.2 percent. The majority of the organizations had more than 1,000 employees.
"These results demonstrate that even in tough economic times, information security professionals are in high demand by hiring managers and organizations who understand that their skillsets are not only paramount to their organization's ability to conduct business but also give them a competitive advantage," W. Hord Tipton, executive director of (ISC)² said in a statement.
It was also found that 56 percent of those surveyed reported increased security risks in 2011, with 38 percent attributing most of that activity to mobile devices. Around 30 percent of respondents expect information security budgets and equipment purchases to increase in 2012.
Commenting on the findings, Tipton sad that the data also reflect the increase in security breaches throughout 2011, and the fact that both public and private sector organizations finally realized the importance of implementing sound security programs that should be run by experienced and qualified professionals.
An understanding of information security concepts played an important factor in the hiring decisions, with 81 percent of respondents indicating that it was paramount. Other top factors include directly related experience at 72 percent and technical skills at 76 percent.
Hiring managers also indicated that operations security was the top skill they were looking for, with 55 percent of respondents opting for that. This was followed closely by security management practices at 52 percent, access control systems and methodology at 51 percent and security architecture and models at 50 percent. Other important skills were in areas such as risk management, telecom and network security, application and systems development security, cloud and virtualization.
Tipton remarked that while it was positive that the field continues to grow and was "recession-proof", one of the biggest challenge remained finding enough appropriate talent to "fill the huge void" existing.
He explained that security was ever-changing and required professionals to expand constantly upon their knowledge of today's advanced threats. "Just as importantly, this field also calls for hands-on experience and the business know-how to implement robust security practices across an organization," Tipton added.