All of these trends are prompting CIOs and CISOs to hire experienced security professionals to safeguard their sensitive information. They are particularly concerned about protecting intellectual property from theft by government-sponsored hackers from countries such as China.
"There's certainly a great need in the market, with cyber security breaches costing U.S. companies upwards of $400 billion annually in intellectual property theft alone," says Don Hanson, senior vice president with Yoh, an IT staffing agency.
Hanson sees demand for developers who can build secure applications, network engineers with security certifications, and architects who understand how to secure systems and processes. He says there is also a need for IT professionals to be involved with security monitoring, information assurance and regulatory compliance.
"The biggest need is for folks that are working in security with cutting-edge technologies,'' Hanson says. "There are so many mobile devices out there, it's important to add the layer of mobile device management and to understand how that additional layer works."
Hanson says companies are looking to hire IT professionals with experience in security information event management, intrusion detection, data loss prevention and logging systems, as well as those with certifications related to ethical hacking and digital forensics. However, they prefer to hire IT professionals with a big-picture perspective on security issues rather than expertise in only one type of security device.
"It's not so much about any one technology or any one point product," Hanson says. "It's more about a holistic approach to security that companies are taking that includes their policies and assets across their entire information architecture."
The titles for open cyber security jobs vary, with the most popular being security engineers, security analysts and security architects. Other organizations favor the terms cyber security analysts and information assurance analyst.
"We're looking now for cyber security intelligence analysts and information assurance analysts who understand how to look at information not only from a technical and logical security standpoint, but who can relate that back to risk management and business process risk," says Jacob Braun, president and COO of Waka Digital Media Corp., a Boston-based IT security consulting firm. "We're looking for people who can look at attacks in progress and can find occurrences that are symptomatic of attacks and...can help mitigate potential for future attacks."
Most of these high-paying cyber security jobs are not for recent computer science graduates; instead companies are looking to hire IT professionals with five to 15 years of experience with security systems and processes as well as related certifications. [See sidebar with tips for landing a cybersecurity job.]
"A cyber security analyst is someone who has nine to 15 years of professional experience, preferably has a master's degree and possesses a variety of information security certifications," Braun says. "Salary depends on geography and industry. It can range anywhere from $80,000 to $150,000. If an individual has a unique set of experience, it can be significantly higher, especially for consultants."
Last year, Unisys hired an IT security director and expanded its IT security staff. Now the company is looking for knowledge of security principals in all of its ongoing IT hires, including application developers and network engineers, says Unisys CISO Dave Frymier.