Help wanted: Agencies expect to hire more info security pros in 2010

ISC(2) survey finds agencies expect stable or increased IT security budgets

The federal government is a good place for information security professionals during the current economic downturn, with relatively stable budgets, rising wages and growing employment opportunities, according to a recent survey by ISC(2) (the International Information Systems Security Certification Consortium).

Nearly 75 percent of government respondents received salary increases in 2009. More than half expect no change in information technology budgets this year, nearly 20 percent expect budgets to increase, and about 60 percent expect to hire new security employees this year.

“The results from our latest career impact survey show that in a very difficult economic environment, organizations are placing an even higher value on the work that information security professionals do,” said W. Hord Tipton, the consortium’s executive director.

ISC(2) conducted a survey of 2,980 professionals worldwide in December and January, and extracted data on 688 U.S. government respondents.

One third of the government respondents worked in organizations with total security budgets of $5 million or more. Forty-four percent said security budgets remained stable last year compared with 2008, while another 40 percent said they had decreased. For this year, 52 percent expect IT security budgets to remain stable and about 28 percent expect to see a decrease. About 20 percent expect an increase.

About half the respondents said that the economic downturn has not posed increased security risks to their organizations, with the remainder being split between seeing increased risk and not being sure.

Of 175 respondents who said they had hiring responsibilities, 58 percent said they expected to hire information security staff in the coming year. Most of them expect to hire just one or two people, although 14 percent expected to hire 10 people or more.

ISC(2) government affairs director Marc H. Noble said the nature of the hires is being determined by the current regulatory environment, which requires certification and testing of IT systems. Sixty-one percent of those who said they are hiring new staff said they are looking for certification and accreditation expertise, while 43 percent said they are looking for recruits who are well-versed in information risk management.

“The use of continuous monitoring and risk management to replace the C&A process is likely in the future, but the results of this survey show that the future isn’t here yet,” Noble said.

About the Author

William Jackson is a Maryland-based freelance writer.


Reader comments

Thu, Mar 25, 2010

Here again GCN fails to understand anything about C&A. C&A is the instantiation of the risk management framework when done as prescribed.... READ NIST and understand what it is. It is not a fill out the paper form and call it good although many agencies treat it as such. Read 800-37 you'll notice the final phase of the C&A IS CONTINUOUS MONITORING. This isn't new... why anybody thinks this is something that hasn't been prescribed before is astonishing. Here's the issue.. if you haven't been able to get agencies to do this in the past... what makes you think they will move to do it now? SANS saying you should do it? OMB needs to stop relying on the private industry to supply a tool for a solution and understand the real issue. CUT FUNDING for insecure systems that cannot PROVE disciplined SDLC and operational assurance.
