Overall 2009 will see a decline in the creation of new vacancies and as such the pool of redundant information security practitioners will increase. However as information security is essential to business many positions are secure and back filling of certain open roles will need to occur. Whilst information security will not be as badly affected as other areas, any upturn in recruitment generally does not occur until a recession is over. It is hard therefore to predict how long the market will remain subdued.
For security professionals entering the recruitment market, we would recommend increasing their marketability by undertaking professional certifications desired by prospective employers such as CISSP, CISM or ITIL. Depending on the type of role undertaken, it may also be useful to pursue vendor certifications. For example if a security practitioner is looking for a hands-on technical role involving Check Point firewalls it would be beneficial to gain the CCSE and CCSA certifications, and equally to gain more certifications from other vendors’ products they work with. The technologies most highly rated in the security industry and most commonly used are generally the ones security professionals should aim to certify in first, so long as they are relevant to the type of role they will be seeking.
It is important to remember that a CV is what determines in the first instance whether a candidate is invited to interview, either with a potential employer or with a recruitment agency. During the recession agencies and employers will be receiving an unprecedented number of CVs so it is crucial a CV is written to a high standard. This does not mean keeping it to two pages, but it does mean clearly and succinctly providing all the relevant skills and experience for the specific role for which you are applying. It may mean candidates need to have two or more CVs that focus on different skill areas, such as one for security consultancy opportunities and one for security management positions.