Sponsored By

So You Want to be a Security SpecialistSo You Want to be a Security Specialist

A look at opportunities and career considerations for information security specialists.

Gary Audin

April 22, 2016

4 Min Read
No Jitter logo in a gray background | No Jitter

A look at opportunities and career considerations for information security specialists.

There are not enough security specialists to fulfill the present openings, with some predicting this shortage will worsen before it improves. The introduction of the Internet of Things will only make the situation worse. (See related blog, IoT Security: An Avalanche of Problems.) How Bad is it?

The 2015 (ISC)2/Frost & Sullivan Global Information Security Workforce Study estimates a global shortfall of 1.5 million information security professionals four years from now. Sixty-two percent of the nearly 14,000 survey respondents said there are few qualified information security professionals at their organizations. Additionally, Frost & Sullivan projected there would be 195,000 new information security specialists in 2015, up 6% over 2014.

The employment market analytics firm Burning Glass Technologies discovered a 91% growth in cybersecurity jobs between 2010 and 2014. In 2014, there were 238,158 cybersecurity job postings. Cybersecurity jobs account for 11% of all IT jobs. It takes 8% longer to fill cybersecurity jobs than other IT roles. Roughly 50,000 of the job postings in the U.S. requested a CISSP certification (Certified Information Systems Security Professional) and 5 years of experience for job candidates. However, there are only about 65,000 CISSP holders in the country, many more jobs than qualified specialists.

The average annual salary among the security specialists surveyed in the (ISC)2 report was $97,778. There is a difference between (ISC)2 members and other security specialists. Non-member security specialists reported an average annual salary of $76,363. The salaries among security specialists with an (ISC)2 membership averaged $103,117 annually, 35% better than non-members. The average salary growth was 2.1% for members and 0.9% for non-members.

All of the tables and charts that follow are from the 2015 (ISC)2/Frost & Sullivan market study.

The (ISC)2 survey analysis revealed changes in the areas in which security specialists are focusing their training. BYOD and cloud computing have become less important. This appears to be due to the changing threat environment. The emphasis has moved to remediating breaches. Training in incident response, forensics, and event management has increased. Use the chart below as a guide to those areas that are gaining importance so that you pursue them in your training.

Practicing as a security specialist is highly specialized and requires knowledge -- knowledge that must be continually updated. The survey respondents expressed the need for additional training. Although training and experience certainly help, the personality of the specialist also must be considered. The primary attribute needed for success in information security is a broad understanding of the security field. Some might say that a holistic view is important since the security attacks and breaches come in many forms and from many different directions. As specialists close security loopholes, the attackers change their strategies to work around them.

Communication skills are very important. You will need to explain problems and solutions to less knowledgeable people. You will also have to justify the budget for the security investments clearly and in a well-organized persuasive manner. Security is more than working in the closet or at a console. Technical knowledge and awareness, and understanding of the latest security threats come with the territory. Compare yourself to the chart below from the survey. Look for those conditions, knowledge, and traits, and compare yourself to them. Improve where you see weaknesses.

All industries have gaps in their security forces. Not all the gaps are equal. Healthcare, education, and retail top the list. As you can see from the chart below, every industry is an opportunity for employment. The specialist shortage is not static. The percentage of security specialists reporting "too few" information security specialists in 2013 was 55.9%. In 2015, the number increased to 62.2%.

A similar outlook about income and shortages for the security specialist can be found in the "2016 State of the CIO Survey."

Some of my security blogs may be helpful in analyzing if and when you want to enter the security arena, Responding to Security Incident Threats, Who's on Your Network?, Securing through Machine Learning -- Part 1, and Securing through Machine Learning -- Part 2.

About the Author

Gary Audin

Gary Audin

Gary Audin is the President of Delphi, Inc. He has more than 40 years of computer, communications and security experience. He has planned, designed, specified, implemented and operated data, LAN and telephone networks. These have included local area, national and international networks as well as VoIP and IP convergent networks in the U.S., Canada, Europe, Australia, Asia and Caribbean. He has advised domestic and international venture capital and investment bankers in communications, VoIP, and microprocessor technologies.

For 30+ years, Gary has been an independent communications and security consultant. Beginning his career in the USAF as an R&D officer in military intelligence and data communications, Gary was decorated for his accomplishments in these areas.

Mr. Audin has been published extensively in the Business Communications Review, ACUTA Journal, Computer Weekly, Telecom Reseller, Data Communications Magazine, Infosystems, Computerworld, Computer Business News, Auerbach Publications and other magazines. He has been Keynote speaker at many user conferences and delivered many webcasts on VoIP and IP communications technologies from 2004 through 2009. He is a founder of the ANSI X.9 committee, a senior member of the IEEE, and is on the steering committee for the VoiceCon conference. Most of his articles can be found on www.webtorials.com and www.acuta.org. In addition to www.nojitter.com, he publishes technical tips at www.Searchvoip.com.

See more from Gary Audin

Editor's Spotlight

How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations
Ccaas
How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations
How Air Canada Tapped Amazon Connect to Modernize Its Contact Center Operations

Dec 16, 2024

How Talkdesk Delivers for Vertical Industries
Ccaas
How Talkdesk Delivers for Vertical Industries
How Talkdesk Delivers for Vertical Industries

Dec 5, 2024

How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity
Ccaas
How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity
How Vendors Could Help Small and Medium Businesses Navigate Change Amidst Rapid Change and Complexity

Dec 17, 2024

Subscribe to Our Weekly Newsletters
Stay informed and sign up for weekly No Jitter and WorkSpace Connect newsletters
Sign Me Up
Mar 17 - Mar 20, 2025
As the #1 communications, collaboration and CX Conference and Expo in North America, we empower IT professionals to confront and overcome today's most pressing challenges. Attend Enterprise Connect and join thousands of like-minded peers building a framework for future success. You’ll walk away with rich learning experiences, invaluable connections, business opportunities, and inspiring insights. Register with Promo Code CONNECT25 to save $200 on Conference passes.
Learn More