Top Sectors Hiring ITSecurity Professionals

Computerworld - Consulting: Incident response and computer forensics are hot right now. Most of this growth is occurring in consulting firms that can dispatch staffers on an as-needed basis to investigate events or provide evidentiary support in legal cases.

"We're growing quickly," says Ken Shear, vice president of technology and law at Electronic Evidence Discovery Inc. in Seattle. "We just passed 100 employees, a dozen of those in forensics."

Forensics experts at Electronic Evidence Discovery are called data analysts. The skills required for these positions at the company include the following:

• Hands-on work with key operating systems and networking technologies.
• Strong knowledge in data -- where it resides and where it hides.
• Some knowledge of the legal process.

Pay for these positions ranges from $45,000 to $75,000, depending on experience and skills. Experts can earn up to $125,000.

Managed services: Businesses are starting to turn to security monitoring services from companies such as Vigilinx Inc., SecurityFocus and Counterpane Internet Security Inc. For example, Counterpane employs 30 security analysts at its operations centers in Chantilly, Va., and Mountain View, Calif.

"We've got about 250 corporate, government and nonprofit customers right now," says Bruce Schneier, founder and chief technology officer of Counterpane in Cupertino, Calif.

Counterpane isn't actively looking for employees, but it anticipates future expansion. Skills required for positions at the company include the following:

• Detail-oriented security expertise, with the ability to sort through minute details and separate events from background noise.
• Knowledge of intrusion-detection and filtering tools.
• Customer service skills.
• Ability to identify and research suspicious activity.

New hires receive SANS Institute Global Information Assurance Certification training and in-house customer service training. Pay ranges from $55,000 to $75,000 for Tier 1 analysts and $75,000 to $95,000 for Tier 2 security engineer positions.

Government: Even government workers are feeling the recession, says Michael Sherwood, CIO for the city of Oceanside in Southern California. But job security is strong in government positions, as is training. For instance, Sherwood transformed a network engineer into a security analyst by sending him to professional development classes and product training seminars.

But the pay, which is about $50,000 for a security engineer at the city, is dismal compared with what private-sector security professionals can command.

Sexier and better-paying security jobs are in military, intelligence and law enforcement operations, such as the computer crime and investigations unit in the U.S. Army's Criminal Investigative Command, in Fort Belvoir, Va.

"Contractors are being hired by the Army because we can't find the people to recruit for forensics and vulnerability assessment work here," says Brent Pack, operations officer for the unit.

Pack's unit has 12 people working as intrusion investigators, forensics examiners, legal advisers and criminal investigation coordinators. Two of those workers are from civilian contracting firms and earn a competitive $60,000 to $80,000 per year.