Information security jobs may not be the most glamorous ones in the technology industry. But at least they appear to be a lot more secure than many other IT positions are during the ongoing economic recession.
Two reports due to be released next Monday, one from the SANS Institute and the other from Foote Partners, say that the size of security staffs and the money companies are willing to pay them have remained surprisingly steady. Helping to ensure that IT security workers have job security, according to the reports, are factors such as regulatory compliance demands, increasing data protection requirements stemming from wireless deployments and rollouts of virtualization technology, and growing consumer angst over data breaches.
[ Related: See why tech is still a good profession with decent pay and relatively solid job security. ]
The report that will be issued by SANS, a security training and research firm in Bethesda, Md., is based on an online survey of 2,120 security executives, the biggest number of whom were from companies with between 10,000 and 40,000 employees.
SANS said the survey showed that through the end of November, 79 percent of the respondents were predicting no immediate reductions in their IT security staffs. And even in the cases in which survey respondents said they did expect to eliminate security jobs, the number of positions due to be cut was usually very small. For instance, less than 3 percent of those surveyed said they would be cutting 15 or more security jobs this year.
On the other hand, slightly more than half of respondents -- 54.8 percent -- forecast that their organizations wouldn't hire any additional security personnel during 2009, SANS said.
Even so, the survey results reveal a surprising stability in the information security job market amid all the cost-cutting and layoffs that are taking place, said Alan Paller, director of research at SANS. "I was expecting to see the number [of security jobs] going down significantly," Paller said. "But most people are not changing anything at all."
The security skills that appear to be attracting the most interest from employers, Paller added, are the more "hands-on" ones, such as computer forensics, penetration testing, intrusion detection, and incident handling.
And the salaries being paid to security professionals continue to "show that security skills are highly valued," Paller said. Nearly 40 percent of the respondents to the SANS survey said they earned more than $100,000 annually, while only 1.65 percent said they were being paid less than $40,000 per year. Even those with less than three years of experience reported earning an average salary of almost $72,000, according to the SANS report, which notes that security salaries generally appeared to be highest on the West Coast.
Meanwhile, Vero Beach, Fla.-based Foote Partners says in its report that it has noted a continuing steady increase in the total amounts companies are willing to pay certified IT security professionals. The increases are still coming even as the average amounts paid to IT pros with 175 other tech certifications have continued a decline that began in 2006, according to Foote.
The consulting firm tracks the pay premiums earned by more than 22,500 IT workers and provides quarterly updates on its findings, breaking out the results on the basis of 354 different skills and certifications. In 2007, "we started to see a real uptick in spending for security labor," said David Foote, the firm's founder and CEO.
Over the last six months of 2008, employees with security certifications saw a 2 percent increase in the premiums that companies were willing to pay them above and beyond their basic salaries, Foote said. He added that such premiums have risen by an aggregate of about 3.4 percent over the last 18 months.
The security certifications that are attracting the largest premiums include ones related to network and wireless security, incident handling and ethical hacking, Foote said. However, interest in workers with security management certifications -- including the popular Certified Information Systems Security Professional and Certified Information Systems Auditor ones -- appears to have cooled off a little bit, based on the latest statistics gathered by Foote.
Computerworld is an InfoWorld affiliate.
This story, "IT security jobs largely untouched by economy" was originally published by Computerworld.