Job Trends: Top Skills, Certifications

Credit EligibleAs a HealthcareInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

June 17, 2010 - Upasana Gupta, Contributing Editor

Information security is becoming more mainstream in business organizations - and so are the new job opportunities for security pros.

Product/service implementation, forensics and audit functions are among the growth areas, according to the latest IT Skills Demand and Pay Trends Report from Foote Partners, an independent IT analyst firm focusing on IT workforce demand and compensation trends.

"Security is becoming more mainstream in organizations, with a focus on an enabler's role," says David Foote, CEO and Chief Research Officer. The focus is shifting from just 'hands-on' technical security skills to an integrated business approach of security and strategic risk management. New jobs are opening up that are not deeply technical, but more oriented to business issues in functional areas such as marketing, finance, HR, operations and in product development, where security is a concern for the customer.

2010 Trends

The biggest differences between now and Foote's 4th quarter 2009 report are an increase in adoption of security managed services, including wireless and voice over IP, and opening of more security jobs in strategic and business functions. These jobs are more oriented to risk management and assessment of new products and services, including cloud computing.

That's not to say that technical skills are not still a huge concern for employers, Foote says. "But the danger is that technology doesn't drive strategy, and it won't as far as enterprise security is concerned going forward."

Today, information security careers benefit from companies looking to acquire a wider mix of both technical and business skills, as well as to hire and retain hybrid business and technology security professionals across several security and business domains. But since speed and predictability of execution are critical, organizations are also seeking in-demand skills from contractors and consultants, looking at managed security services.

Employers also are thinking beyond the type of threats and attacks they face, investing time in understanding the impact of these threats on existing business assets and the value of information to the organization, its products, customers and revenues.

Among the key drivers pushing the demand for information security workforce, Foote says:

• Increased cybersecurity vulnerabilities;
• Accelerating demand for cloud computing, managed services;
• Increased security and privacy regulation and legal risks for non-compliance;
• Electronic medical record systems mandate;
• Retirement 'bubble" -- new pool of qualified candidates to fill gaps left by increasing number of security professionals leaving the workforce.

Hot Skills and Competencies

Foote tracks and updates the skills and competencies hot lists quarterly. Among the top security skills continuing to attract the most interest from employers:

• Intrusion detection and prevention;
• Forensic analysis;
• Identity & access management;
• Compliance;
• Threat and vulnerability assessment;
• Encryption;
• Data loss prevention;
• Penetration testing;
• Incident analysis and handling;
• Biometrics

Foote sees an unprecedented high volatility in the demand for IT skills, including security, as companies accelerate the shift to new IT service delivery and sourcing models. The new emphasis on strategic enterprise security is redistributing IT security resources and the skills and jobs required in the future, he says. For example, the managed security services market is expected to exceed $6 billion in revenues by next year, with wireless security services growing 27% per year through 2014. The services industries therefore, will be looking for talent to achieve this growth.

Among the hottest competencies in the marketplace:

• Forensics;
• Identity and access management;
• Intrusion detection and prevention;
• Penetration testing;
• Threat/vulnerability assessment management;
• Litigation support (e-discovery);
• Disk and file level encryption solutions;
• Data loss prevention;
• Application security;
• Governance, compliance & audit.

Top Certifications

With such a clear shift from focus on operational security to strategic areas involving business issues of risk management, Foote says, the trend is evident in the current list of hot certifications. Given the marketplace's demands, these professional certifications are earning the highest premium pay for pros: