Calm amid the stormIT security jobs largely untouched by economic slowdown

A week ago (27 January 2009 HS Daily Wire), reflecting on the fact that homeland security companies appear to be weathering the economic storm better than companies in other sectors, we wrote that

One sparrow does not a summer make, and the impressive Q4 financial results of one security company do not mean that the homeland security sector will escape unscathed from the current economic downturn — and yet, and yet. We reported the other day about the U.S. Customs and Border Protection agency’s plan to hire 11,000 additional border patrol agents in 2009 (26 January 2009 HS Daily Wire), and about the expected growth of India’s IT security sector (26 January 2009 HS Daily Wire). The other day, Check Point Software reported record Q4 and FY2008 financial results.

Two days later, writing about General Dynamics’ Q4 financial results, which showed profits rising nearly 6 percent, we added: “The other day, writing about the impressive FY2008 and Q4 2008 financial results of IT security innovator Check Point, we said that one sparrow does not a summer make…  How about two or three sparrows?” (29 January 2009 HS Daily Wire).

Let us point to more sparrows. Information security jobs may not be the most glamorous ones in the technology industry, but at least they appear to be a lot more secure than many other IT positions are in the ongoing economic slowdown. Two reports scheduled to be released on Monday, one from the SANS Institute and the other from Foote Partners LLC, say that the size of security staffs and the money companies are willing to pay them have remained surprisingly steady. Helping to ensure that IT security workers have job security, according to the reports, are factors such as regulatory compliance demands, increasing data protection requirements stemming from wireless deployments and rollouts of virtualization technology, and growing consumer angst over data breaches.

Computerworld’s Jaikumar Vijayan writes that the report that will be issued by SANS, a security training and research firm in Bethesda, Maryland, is based on an online survey of 2,120 security executives, most of whom were from companies with between 10,000 and 40,000 employees. SANS said the survey showed that through the end of November, 79 percent of the respondents were predicting no immediate reductions in their IT security staffs. And even in the cases in which survey respondents said they did expect to eliminate security jobs, the number of positions expected to be cut was mostly very small. For instance, less than 3 percent of those surveyed said they would be cutting 15 or more security jobs this year.

On the other hand, slightly more than half of the respondents - 54.8 percent — forecast that their organizations would not hire any additional security personnel this year, SANS said.

Even so, the survey results reveal a surprising stability in the information security job market amid all the cost-cutting and layoffs that are taking place, said Alan Paller, director of research at SANS. “I was expecting to see the number [of security jobs] going down significantly,” Paller said. “But most people are not changing anything at all.”

Vijayan writes that Paller added that the security skills that appear to be attracting the most interest from employers are the more “hands-on” ones, such as computer forensics, penetration testing, intrusion detection and incident handling.

The salaries being paid to security professionals continue to “show that security skills are highly valued,” Paller said. Nearly 40 percent of the respondents to the SANS survey said they earned more than $100,000 annually, while only 1.65 percent said they were being paid less than $40,000 per year. Even those with less than three years of experience reported earning an average salary of almost $72,000, according to the SANS report, which notes that security salaries generally appeared to be highest on the West Coast.