Special Coverage Series

Network Computing

Special Coverage Series


Demand for IT Security Experts Outstrips Supply

IT security professionals are in high demand, especially those with certifications, and security salaries are on the rise. But a shortage of talent leaves companies struggling to get their hands around breaches.

Demand for security professionals is growing at almost four times the pace of other roles in IT, and has consistently outstripped the supply of experts, according to new report.

During the past five years, the number of job postings for IT security positions went up 73%, according to a study conducted by Burning Glass Technologies, which develops job-search and resume-parsing software. By contrast, the study showed that job postings for general IT positions went up just 20% in the same time period.

More Insights

Webcasts

More >>

White Papers

More >>

Reports

More >>

Other data also point to a strong demand for infosec professionals. Security topped the list for planned staff increases, edging out other hot IT areas including application development and data analytics, according to InformationWeek Reports' 2012 State of IT Staffing survey. More than 1,300 business technology professionals responded to the survey.

There are approximately 67,000 cyber security jobs in the U.S., 50,000 of which require a Certified Information Systems Security Professional (CISSP) certification, according to public statements by Matt Sigelman, CEO of Burning Glass Technologies.

During the past two years, the number of jobs posted that require CISSPs rose from 19,000 to more than 29,000, a pace the industry can't possibly match, Sigelman said.

CISSP certification requires a minimum of five years of active security work in one of 10 specific security disciplines, according to ISC 2, Inc., which administers the certification.

According to InformationWeek Reports, 57% of respondents hiring in the security area say certifications are important factors in evaluating candidates for IT security jobs.

chart: Salary Trend

The shortage of security professionals may be driving up salaries. According to InformationWeek Reports' 2012 IT Salary Survey of the security sector, the median annual base salary for IT security staff rose from $90,000 in 2011 to $97,000 in 2012; security managers saw a jump to $115,000 in 2012, vs. $110,000 in 2011.

Shortage Strains

The shortage is putting a strain on the rest of the IT staff in many organizations and keeping managers busy hunting for qualified candidates, the Burning Glass report stated.

It is also distracting managers with the constant need to find and recruit new job candidates.

In a keynote at the RSA security conference in San Francisco last month, Dept. of Homeland Security Deputy Undersecretary Mark Weatherford admitted raiding other federal agencies to help fill openings at DHS.

He also warned there are not enough people in the educational pipeline even to fill current demand, let alone the numbers of security pros DHS and other organizations will require in a few years.

"Cultivating the next generation of security professionals is critical to our economic viability and the future of our country," Weatherford said during the speech.

Among the highest costs of the security skills shortage is that existing security staffs don't have the time to evaluate or learn the best tools to do their jobs or get the training to stay up to date, said a Ponemon Institute study released at the RSA conference in San Francisco last month.

Malicious data breaches have increased 54% during the past two years, exacerbating a threat IT isn't staffed or well-equipped enough to deal with, the report said. It takes an average of 80 days for a victimized company to discover a malicious breach and another four months to resolve it, the Ponemon survey found.

[ Join us at Interop Las Vegas for access to 125+ IT sessions and 300+ exhibiting companies. Register today! ]

Worse, a third of all malicious data breaches are reported by third-party companies, meaning the victimized companies don't detect the breaches at all.

Some of the poor response comes from managers that don't really understand where the threats are coming from or how serious they are, the Ponemon report said. The result is that many security pros spend a significant amount of time working on compliance rather than security, and even more time doing things like reminding users to change passwords rather than countering threats from outside.

"Organizations are facing a growing flood of increasingly malicious data breaches, and they don't have the tools, staff or resources to discover and resolve them," according to Larry Ponemon, chairman and founder of the Ponemon Institute.

Rather than trying to harden the perimeter of a network and running around the building to solve security mini-crises, security staffs have to get ahead of the attackers with more effective penetration-identification, data-protection tools, and training to help end users avoid spear phishing and social-engineering attacks, Ponemon said.

Doing that, however, means hiring more people to put out fires, more people to build or run protection and monitoring tools, and more people to use the advanced analytics that can identify discrepancies that may indicate an attack is underway. But demand for those bodies is increasing, and the supply is so short that even senior Homeland Security officials say the best way to find good security people is to steal them. That makes for a tough market for companies looking to hire security pros.



Related Reading



Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 

Editor's Choice

Research: 2014 State of Server Technology

Research: 2014 State of Server Technology

Buying power and influence are rapidly shifting to service providers. Where does that leave enterprise IT? Not at the cutting edge, thatís for sure: Only 19% are increasing both the number and capability of servers, budgets are level or down for 60% and just 12% are using new micro technology.
Get full survey results now! »

Vendor Turf Wars

Vendor Turf Wars

The enterprise tech market used to be an orderly place, where vendors had clearly defined markets. No more. Driven both by increasing complexity and Wall Street demands for growth, big vendors are duking it out for primacy -- and refusing to work together for IT's benefit. Must we now pick a side, or is neutrality an option?
Get the Digital Issue »

WEBCAST: Software Defined Networking (SDN) First Steps

WEBCAST: Software Defined Networking (SDN) First Steps


Software defined networking encompasses several emerging technologies that bring programmable interfaces to data center networks and promise to make networks more observable and automated, as well as better suited to the specific needs of large virtualized data centers. Attend this webcast to learn the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging.
Register Today »

Related Content

From Our Sponsor

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

Business executives are challenging their IT staffs to convert data centers from cost centers into producers of business value. Data centers can make a significant impact to the bottom line by enabling the business to respond more quickly to market demands. This paper demonstrates, through a series of examples, how data center infrastructure management software tools can simplify operational processes, cut costs, and speed up information delivery.

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Both hot-air and cold-air containment can improve the predictability and efficiency of traditional data center cooling systems. While both approaches minimize the mixing of hot and cold air, there are practical differences in implementation and operation that have significant consequences on work environment conditions, PUE, and economizer mode hours. The choice of hot-aisle containment over cold-aisle containment can save 43% in annual cooling system energy cost, corresponding to a 15% reduction in annualized PUE. This paper examines both methodologies and highlights the reasons why hot-aisle containment emerges as the preferred best practice for new data centers.

Monitoring Physical Threats in the Data Center

Monitoring Physical Threats in the Data Center

Traditional methodologies for monitoring the data center environment are no longer sufficient. With technologies such as blade servers driving up cooling demands and regulations such as Sarbanes-Oxley driving up data security requirements, the physical environment in the data center must be watched more closely. While well understood protocols exist for monitoring physical devices such as UPS systems, computer room air conditioners, and fire suppression systems, there is a class of distributed monitoring points that is often ignored. This paper describes this class of threats, suggests approaches to deploying monitoring devices, and provides best practices in leveraging the collected data to reduce downtime.

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Rack power of 10 kW per rack or more can result from the deployment of high density information technology equipment such as blade servers. This creates difficult cooling challenges in a data center environment where the industry average rack power consumption is under 2 kW. Five strategies for deploying ultra-high power racks are described, covering practical solutions for both new and existing data centers.

Power and Cooling Capacity Management for Data Centers

Power and Cooling Capacity Management for Data Centers

High density IT equipment stresses the power density capability of modern data centers. Installation and unmanaged proliferation of this equipment can lead to unexpected problems with power and cooling infrastructure including overheating, overloads, and loss of redundancy. The ability to measure and predict power and cooling capability at the rack enclosure level is required to ensure predictable performance and optimize use of the physical infrastructure resource. This paper describes the principles for achieving power and cooling capacity management.