How to Get a Job in the Infosec Field

Computerworld - My decision to stay in my current job for quality-of-life reasons provoked emotional responses from several readers. Some of those who wrote to me about that column had made similar decisions. But a few, after reading about how I turned down multiple job offers, asked, "Where are all these jobs you keep talking about?" I felt compelled to do a little research on the information security job market and present the results here.
First, I did an unscientific survey of the publicly posted jobs. In my case, most of the jobs I've had have come from personal referrals, so when I'm looking, the first thing I do is contact my network of friends and colleagues. However, I have found that searching the job boards gives me a sense of the types of jobs that are out there, who's hiring and approximate salary ranges.
I set out to answer five questions with this research:
1. How many security jobs are out there?
2. What types of security jobs are out there?
3. What requirements do employers have for certifications and degrees?
4. What parts of the country have more security jobs than others?
5. What are the salary ranges?
Whenever I'm contacted by a recruiter looking for security professionals, I point him in the direction of the International Information Systems Security Certification Consortium Inc., or (ISC)2, which offers the Certified Information Systems Security Professional (CISSP) certification. When I checked its site, the (ISC)² had over 80 security job postings, many with multiple positions, for the month of October. The positions ran the gamut from salespeople to technical security engineers, executives and consultants. The companies advertising for security professionals were located all over the map, including Canada, England, Saudi Arabia and California. Eighty didn't seem like a very big number, though, so I surfed to some of the major job boards.
Each job board has its own way of making searching easier, but by searching for "CISSP" for October, I got the following results: Dice, 645 matches; HotJobs, 1,000; CareerBuilder, 713; Monster, over 800 matches.
There were plenty of job postings from the Big Four consulting houses looking for security types to do audit work, traveling 100% of the time for $40 per hour or less. For a qualified security professional, that's practically minimum wage. Working for one of the Big Four looks good on your resume, gives you a lot of experience (primarily in IT audit) and makes you an expert in dealing with airports, hotels and rental car companies. I