Security Experts:

Reports Show Extreme Demand for Skilled Security Professionals

It is a good time to be cyber-security professional in the United States, as two recent job reports indicate demand far exceeds the supply of available skilled individuals.

Demand for cyber-security professionals grew 3.5 times faster than demand for other IT jobs and 12 times faster than all other jobs, according to a report from Burning Glass Technologies, which develops recruiting technologies.

Burning Glass analyzed job posts for cyber-security professionals placed by U.S. businesses and government agencies from 2007 to 2012 for the report, which was released this week. Burning Glass also looked at how many times employers posted the same job ad to determine that cyber-security jobs were "substantially harder to fill" than other types of computer jobs. Cyber-security job postings were reposted, or duplicated almost 35 percent more often than other types of computer-related jobs, the report found.

"Posting behavior suggests the possibility of a particular shortage of managers and analysts with cyber security expertise," Burning Glass wrote.

Trends, such as bring-your-own-device, cloud computing, and the rise of HTML5 applications, are complicating the information security landscape, according to Burning Glass. Security teams now have to manage and secure information being stored on a wider array of devices than ever before. There are plenty of jobs, but not enough bodies to fill them.

This is in line with a different report from the ISC2 Foundation released last month. In a survey of 12,000 information security professionals around the world, 78 percent of respondents said bring-your-own-device is a significant security risk, and 74 percent believed that new security skills were required to properly manage the emerging risk.

There were 67,437 job ads for cyber-security-related positions in the U.S in 2012, a 73 percent increase since 2007, Burning Glass found in its report. These jobs weren't limited to just the tech sector, but existed across a wide range of industries, including professional services organizations, defense, financial services, health care, and retail, according to the report.

Employers are willing to pay for cyber-security skills, as jobs with a cyber-security component commanded a premium, about $12,000 on average, on salaries, Burning Glass found. The report noted that many of these cyber-security jobs had the same job titles as non-security jobs, such as analysts, specialists, and auditors. Of the two jobs with the same title, the one requiring cyber-security skills was likely to have salaries 10 percent higher than the one that didn't require security, according to the report.

A little over half of the job postings analyzed by Burning Glass were looking for engineers and analysts, but administrators, technicians, auditors, architects and consultants were also in demand. ISC2's report also found good news for salaries, noting that 58 percent of the respondents reported receiving a raise in the last year.

Certifications were also much more important for cyber-security jobs, Burning Glass concluded. US employers were three times likely to demand security professionals have a security certification than for non-security roles.

The shortage of cyber-security talent has a dramatic impact, as organizations are unable to secure their infrastructure, defend against threats, and recover from a cyber-attack. This was clearly illustrated in ISC2's report, which noted that organizations were struggling to defend against cyber-threats. About 71 percent of respondents said their organizations were under a lot of strain because they didn't have enough security professionals on staff, the ISC2 report found.

About 15 percent of the organizations in the ISC2 survey were unable to estimate how long it would take them to recover from an attack, which indicates that "the major shortage of skilled cyber security professionals is negatively impacting organizations and their customers, leading to more frequent and costly data breaches," ISC2 concluded.

view counter
Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.