Information security recruitment: How to move on in turbulent times
by Ruth Jacobs - Information Security Recruitment, Barclay Simpson - Friday, 17 April 2009.
Other areas of growth for 2009 include companies looking to recruit their first Information Security Officer, usually a standalone post with no direct reports, reporting into the COO, Head of Risk or CIO. Such roles have been created due to PCI compliance, FSA regulation and to counter the reputational risk of data leakages. Also following data leakages, the Hannigan Report, which highlighted improvements such as increased encryption, penetration testing and a raised awareness of information security across government departments, should create more roles in the public sector. In addition, the private sector has responded to this by investing in privacy personnel and aligning with ISO 27001, which is also likely to create new business-critical positions. The contract security market, although previously experiencing a slowdown, has begun to pick up and is likely to continue to do so, particularly in the public sector.

Overall, 2009 will see a decline in the creation of new vacancies, and as such the pool of redundant information security practitioners will increase. However, as information security is essential to business, many positions are secure and backfilling of certain open roles will need to occur. Whilst information security will not be as badly affected as other areas, any upturn in recruitment generally does not occur until a recession is over. It is therefore hard to predict how long the market will remain subdued.

For security professionals entering the recruitment market, we would recommend increasing their marketability by undertaking professional certifications desired by prospective employers, such as CISSP, CISM or ITIL. Depending on the type of role undertaken, it may also be useful to pursue vendor certifications. For example, if a security practitioner is looking for a hands-on technical role involving Check Point firewalls, it would be beneficial to gain the CCSE and CCSA certifications, and equally to gain more certifications from other vendors' products they work with. The technologies most highly rated in the security industry and most commonly used are generally the ones security professionals should aim to certify in first, so long as they are relevant to the type of role they will be seeking.

It is important to remember that a CV is what determines in the first instance whether a candidate is invited to interview, either with a potential employer or with a recruitment agency. During the recession, agencies and employers will be receiving an unprecedented number of CVs, so it is crucial that a CV is written to a high standard. This does not mean keeping it to two pages, but it does mean clearly and succinctly providing all the relevant skills and experience for the specific role for which you are applying. It may mean candidates need to have two or more CVs that focus on different skill areas, such as one for security consultancy opportunities and one for security management positions.

