Information security jobs may not be the most glamorous ones in the technology industry. But at least they appear to be a lot more secure than many other IT positions are during the ongoing economic recession.
Two reports due to be released next Monday, one from the SANS Institute and the other from Foote Partners, say that the size of security staffs and the money companies are willing to pay them have remained surprisingly steady. Helping to ensure that IT security workers have job security, according to the reports, are factors such as regulatory compliance demands, increasing data protection requirements stemming from wireless deployments and rollouts of virtualization technology, and growing consumer angst over data breaches.
[ Related: See why tech is still a good profession with decent pay and relatively solid job security. ]
The report that will be issued by SANS, a security training and research firm in Bethesda, Md., is based on an online survey of 2,120 security executives, the biggest number of whom were from companies with between 10,000 and 40,000 employees.
SANS said the survey showed that through the end of November, 79 percent of the respondents were predicting no immediate reductions in their IT security staffs. And even in the cases in which survey respondents said they did expect to eliminate security jobs, the number of positions due to be cut was usually very small. For instance, less than 3 percent of those surveyed said they would be cutting 15 or more security jobs this year.
On the other hand, slightly more than half of respondents -- 54.8 percent -- forecast that their organizations wouldn't hire any additional security personnel during 2009, SANS said.
Even so, the survey results reveal a surprising stability in the information security job market amid all the cost-cutting and layoffs that are taking place, said Alan Paller, director of research at SANS. "I was expecting to see the number [of security jobs] going down significantly," Paller said. "But most people are not changing anything at all."
The security skills that appear to be attracting the most interest from employers, Paller added, are the more "hands-on" ones, such as computer forensics, penetration testing, intrusion detection, and incident handling.