Photo credit: (artwork courtesy jscreationzs - www.freedigitalphotos.net/images/view_photog.php?photogid=1152)
In 2011, as it will be in 2012, information security professional was the recession-proof job to have in our industry. According to a new Frost & Sullivan report sponsored by (ISC)2, cybersecurity skills are key to weathering the economic downturn that has engulfed the vast majority of global workers.
"The role of the information security professional has been steadily changing during the past decade. They are now responsible for the security of many facets of an organization, including regulatory compliance, human resource and legal compliance, data security, access control and more," the report says. "As a result,information security professionals have weathered the economic recession well compared to professionals in other industries. In fact, three out of five (ISC)2 members reported a salary increase within the past year."
In the report, which is available from (ISC)2, Frost & Sullivan estimates the number of information security professionals worldwide in 2010 to have been approximately 2.28 million. This figure is expected to increase to almost 4.24 million by 2015, displaying a Compound Annual Growth Rate (CAGR) of 13.2 percent from 2010 to 2015. The Asia-Pacific (APAC) and Europe, Middle East, and Africa (EMEA) regions will present strong growth opportunities for these professionals as well.
With more individuals achieving higher education levels and gaining valuable experience, information security salaries in 2011 have shifted globally. In the Americas, the average annual salary for (ISC)2 members was $106,900 (compared to $100,967 in 2007). This increase reflects the growing importance being placed on security and the number of experienced professionals in the region. Member salaries in EMEA were also impressive at $87,400. In previous years, surveys have shown that APAC salaries have lagged significantly; however, the 2011 survey indicates that APAC salaries are becoming more closely aligned to those seen in other regions, moving up to $74,500.
The survey also examined key security trends facing the typical IT security professional -- which is where even the IT pro is not immune to the recession. According to the report, the information security professional is "under increasing pressure to provide even more services to the organization to protect not just the organization’s systems and data, but also its reputation, its end-users and its customers." In other words, like many of us, IT pros are being asked to do more with fewer resources.
According to the report, "the information security profession could be on a dangerous course, where information security professionals are engulfed in their current job duties and responsibilities, leaving them ill-prepared for major changes ahead. The profession as a whole appears to be resistant to adopt new trends in technology, such as social media and cloud computing, which are widely adopted by businesses and the average end-user.
"This is not to say the industry is doomed," the report continues. "If the projected growth in number of information security professionals and concurrent increases in training continue, these risks can be reduced."
According to the report, the three key areas of growth in the information security field are:
• Regulatory compliance demands (both vertical and geopolitical);
• Greater potential for data loss via mobile devices and mobile workforce; and
• Loss of control as organizations shift data to cloud-based services.
Here are some other key findings (for the full report, visit the link above or at the end of this article):
• Application vulnerabilities are the top threat to organizations.
• Mobile devices were the second highest security concern for the organization, despite an overwhelming number of professionals having policies and tools in place to defend against mobile threats.
• Respondents reported inconsistent policies and protection for end-users visiting social media sites.
• Three out of five respondents reported receiving a salary increase in 2010.
For the full report and links to previous IT security workforce studies, visit https://www.isc2.org/workforcestudy/default.aspx