Help wanted: Agencies expect to hire more info security pros in 2010
ISC(2) survey finds agencies expect stable or increased IT security budgets
- By William Jackson
- Mar 12, 2010
Federal government is a good place for information security professions during the current economic downturn, with relatively stable budgets, rising wages and growing employment opportunities, according to a recent survey by ISC(2) (the International Information Systems Security Certification Consortium).
Nearly 75 percent of government respondents received salary increases in 2009, more than half expect no change in information technology budgets this year and nearly 20 percent expect budgets to increase, and about 60 percent expect to hire new security employees this year.
“The results from our latest career impact survey show that in a very difficult economic environment, organizations are placing an even higher value on the work that information security professionals do," said W. Hord Tipton, the consortium’s executive director.
ISC(2) conducted a survey of 2,980 professionals worldwide in December and January, and extracted data on 688 U.S. government respondents.
One third of the government respondents worked in organizations with total security budgets of $5 million or more. Forty-four percent said security budgets remained stable last year compared with 2008, while another 40 percent said they had decreased. For this year, 52 expect IT security budgets to remain stable and about 28 percent expect to see a decrease. About 20 percent expect an increase.
About half the respondents said that the economic downturn has not posed increased security risks to their organizations, with the remainder being split between seeing increased risk and not being sure.
Of 175 respondents who said they had hiring responsibilities, 58 percent said they expected to hire information security staff in the coming year. Most of them expect to hire just one or two people, although 14 percent expected to hire 10 people or more.
ISC(2) government affairs director Marc H. Noble said the nature of the hires is being determined by the current regulatory environment, which requires certification and testing of IT systems. Sixty-one percent of those who said they are hiring new staff said they are looking for certification and accreditation expertise, while 43 percent said they looking for recruits who are well-versed in information risk management.
“The use of continuous monitoring and risk management to replace the C&A process is likely in the future, but the results of this survey show that the future isn’t here yet,” Noble said.
William Jackson is freelance writer and the author of the CyberEye blog.