March 03, 2010, 4:40 PM — (ISC)2 used RSA Conference 2010 as the backdrop to release survey results that will probably raise eyebrows among those who have lost jobs and struggled to find new ones in the aftermath of the Great Recession.
According to its 2010 Career Impact Survey, more than half of the 2,980 information security professionals polled between December and January received salary increases in 2009, while less than five percent of participants lost their jobs -- a smaller number than one might expect given the severity of the recession.
Globally, 52.8 percent of respondents received salary increases in 2009. Less than 11 percent saw their salaries and/or benefits cut, while 4.8 percent were laid off by their employers. Of the 800-plus respondents who identified themselves as having hiring responsibilities, more than half -- 53.3 percent -- said they need to hire permanent and/or contract employees in 2010. In the U.S., this is an improvement over the previous year's survey, when 44.5 percent of hiring managers said they expected to be hiring in the second half of 2009.
Of those hiring, 40 percent said they'll hire three or more information security professionals this year, compared to the 2009 survey, in which just 13.1 percent said they would be hiring three or more new permanent or contract employees. Over 90 percent of hiring managers globally and in the U.S. said their biggest hiring challenges were finding candidates with the right skills and level of experience.
Ironically, the reason for these pay increases may be because of the recession, as security practitioners are called upon to protect their companies from angry, laid off employees who may feel compelled to do something malicious to computer systems on the way out the door, (ISC)2 Executive Director Hord Tipton said in an interview Wednesday morning. The rapidly shifting threat landscape is another likely reason.
"As quickly as technology has advanced and as prevalently known as the threats have become, companies realize they face huge risk," he said. "Even though the company is going through economic problems as a whole, you have to worry about people leaving the company unhappy and the risk of malicious acts as a result."
In the event of a large layoff, security staff are among the last to leave because they have to strip people of their keys and Internet access, Tipton said. "The people you retain you want to be your best people. It's a distillation of the process. You pay them more for knowing more and you simply try to keep them," he added.
Among the more specific findings: