IT security jobs largely untouched by economy, researchers say

Computerworld - Information security jobs may not be the most glamorous ones in the technology industry. But at least they appear to be a lot more secure than many other IT positions are in the ongoing economic recession.

Two reports due to be released next Monday, one from the SANS Institute and the other from Foote Partners LLC, say that the size of security staffs and the money companies are willing to pay them have remained surprisingly steady. Helping to ensure that IT security workers have job security, according to the reports, are factors such as regulatory compliance demands, increasing data protection requirements stemming from wireless deployments and rollouts of virtualization technology, and growing consumer angst over data breaches.

The report that will be issued by SANS, a security training and research firm in Bethesda, Md., is based on an online survey of 2,120 security executives, most of whom were from companies with between 10,000 and 40,000 employees.

SANS said the survey showed that through the end of November, 79% of the respondents were predicting no immediate reductions in their IT security staffs. And even in the cases in which survey respondents said they did expect to eliminate security jobs, the number of positions expected to be cut was mostly very small. For instance, less than 3% of those surveyed said they would be cutting 15 or more security jobs this year.

On the other hand, slightly more than half of the respondents — 54.8% — forecast that their organizations wouldn't hire any additional security personnel this year, SANS said.

Even so, the survey results reveal a surprising stability in the information security job market amidst all the cost-cutting and layoffs that are taking place, said Alan Paller, director of research at SANS. "I was expecting to see the number [of security jobs] going down significantly," Paller said. "But most people are not changing anything at all."

The security skills that appear to be attracting the most interest from employers, Paller added, are the more "hands-on" ones, such as computer forensics, penetration testing, intrusion detection and incident handling.

And the salaries being paid to security professionals continue to "show that security skills are highly valued," Paller said. Nearly 40% of the respondents to the SANS survey said they earned more than $100,000 annually, while only 1.65% said they were being paid less than $40,000 per year. Even those with less than three years of experience reported earning an average salary of almost $72,000, according to the SANS report, which notes that security salaries generally appeared to be highest on the West Coast.