By Kelly Jackson Higgins
May 13, 2010
The IT security job market is booming -- but that doesn't mean everyone
is automatically getting a job, or the right job. And just like the
threat landscape is rapidly evolving, so are the qualifications and
qualities needed for positions in the security profession.
There's a conundrum between supply and demand: Employers are looking for
security candidates who can fill a specific need, such as incident
response or risk management, while security pros on the job hunt want to
build on their existing skills and advance their careers. "But employers
don't want to hire someone to get experience on their dime," says Lee
Kushner, president of LJ Kushner and Associates, an IT security
"In general, there are more qualified people than jobs. And in specific
terms, there are fewer qualified candidates for the jobs people are
hiring for," says Kushner, who also co-founded InfoSecLeaders.com.
Getting the right person for the job is as difficult as getting the
right job. According to a report by Booz Allen Hamilton last year, only
40 percent of government managers say they are satisfied with the
quality of applicants they're seeing for federal IT security jobs, and
only 30 percent are happy with the number of applicants.
And employers are looking for security pros who specialize in specific
security disciplines. The days of the Certified Information Systems
Security Professional (CISSP) certification guaranteeing employment are
over, security career experts say. Security jobs are becoming more
specialized, so a general cert doesn't carry the same weight it once
did. "CISSP used to be a must-have. Now it's more of a 'nice-to-have,'"
says David Bump, portfolio manager for security certifications for Cisco
Systems' Learning@Cisco program.
Best Selling Security Books and More!
Shop InfoSec News