Not surprisingly given the economic backdrop, the information security recruitment market has slowed. The first obvious signs of this downturn were evident from the third quarter of 2008 in the financial services sector. It has subsequently spread with recruitment freezes and lower vacancy generation as fewer vacancies are back filled. Fewer security practitioners are voluntarily entering the recruitment market, fearful of moving jobs during an uncertain time. However, overall more candidates are registering due to threat of or actual redundancy.

Although unemployment in the UK is now rising rapidly, information security is not as badly hit as other areas. It has become a business critical function and information security is no longer purely tied to IT. IT is an area where costs are often first cut during downturns. Therefore, we have not seen, nor are we anticipating, the high number of unemployed security practitioners as occurred in 2002 after the dot com bust.

There are some areas in information security that are more badly affected than others. As expected the banking sector has been worst hit, with a high number of redundancies and few banks actively recruiting. The UK banking industry appears to be in the process of being nationalised and in the US three of the five leading US investment banks no longer exist as independent entities and two do not exist at all. For those working in the sector it will be a difficult time to move on as opportunities are very limited. More unfortunate are those who have been made redundant and are now facing the prospect of finding a new position during the recession.


There are areas of the information security market where recruitment is less affected, most noticeably in the public sector. Many major consultancies and systems integrators continued to recruit during 2008 for security practitioners to work on long term government projects. This slowed somewhat from the final quarter of 2008, but we anticipate recruitment in this area will continue during 2009. Most commonly the skills required are security architecture and design, security risk assessment and security policy development.

Identity Management has been a skill in demand over the last two years, although demand is slowing since the Sarbanes Oxley compliance that was driving it has mainly been completed. PKI is likely to be an area where we should see new demand, partly due to the Transglobal Secure Collaboration Program (TSCP) which uses IdM and PKI. In addition following the high profile data losses of the last two years, the number of encrypted hard drives in the UK is set to increase. It is now a UK government requirement and we also anticipate the private sector to follow, hence we expect to see new roles in PKI this year.