I have some good news and some bad news. The good news is that demand for security people is at an all-time high, as are salaries. The bad news is that this “job seeker’s” market is creating some bad behaviors and numerous problems for organizations that have finally seen the light on proactively addressing security.
A recent article in Computerworld discussed a study of cybersecurity job postings done by Burning Glass Technologies:
“In 2012, there were more than 67,400 separate postings for cybersecurity-related jobs in a range of industries, including defense, financial services, retail, healthcare and professional services. The 2012 total is 73% higher than the number of security jobs posted in 2007, Burning Glass said.”
“According to Burning Glass, cybersecurity jobs on average offer a premium of about $12,000 over the average for all computer jobs — the advertised salary for cybersecurity jobs in 2012 was $100,733 versus $89,205 for all computer jobs.”
This demand makes sense given the increase in security program maturity that Gartner has been watching for 10 years. More companies are waking up to the fact that security requires investment and experienced people.
Hold up on the celebration, though. Here’s what I’ve learned from the companies I speak to every day.
- The hiring managers are having problems making the business case for the higher salaries.
- The candidates tend to be very young, with minimal experience, but demanding very high salaries.
- The candidates tend to know technology, but not program management, resulting in continued focus on technology as the answer to solve security issues.
- There is a class of security expert that is now job hopping every couple of years, leaving the organization in the lurch.
The bottom line is that it is very hard to develop a mature program when you can’t find experienced resources that know program management AND security technology.
My advice to clients:
- Consider hiring from within: someone who knows your company and IT, and has a desire to learn the security skills. This should not be a hard sell to potential candidates given the skyrocketing demand.
- Prioritize program management experience over technology skills if you’re looking for a security manager or CISO.
- Work with HR on retention to address the risk of job hopping.
- Keep up on the latest salary surveys to make the business case. You can’t hire a CISO for $80K.
What is your experience?