Painting a Picture of Cybersecurity ProsA Multi-Dimensional Look at IT Security Professionals
What do TV's The Big Bang Theory, the computer game Call of Duty and traveling have in common? They're the top leisure pursuits enjoyed by IT security professionals.
That's part of the picture painted by a just-released survey by Semper Security, a public-private partnership aimed at increasing the IT security workforce in the United States. The survey of 500 cybersecurity professionals in 40 industries, which was conducted in May, is aimed, in part, to help employers understand the people they need to recruit and the environment that could attract those skilled professionals.
To recruit the best and brightest, the first thing employers have to do is understand who IT security pros are, not as statistics but as people.
"In order to engage a community, and to recruit the best and brightest, the first thing employers have to do is understand who IT security pros are, not as statistics but as people," says Steve O'Keeffe, founder of Meritalk, a government IT community that helps manage the Semper Security initiative.
The most surprising finding in the survey is that the federal government was ranked No. 2 as the place that IT security pros would want to work (Google was ranked No. 1 with self-employed and Cisco ranked No. 3 and No. 4, respectively).
Why such a high ranking for the federal government? "For top talent, cybersecurity isn't about just a job and a paycheck," says Virginia Secretary of Technology Jim Duffey. "It is about the hottest technology, deployed by honorable organizations, for a purpose that is inherently important."
Retention could be another reason; the government is a fairly stable employer, although sequestration that has forced day-long furloughs every two weeks and average pay cuts of 10 percent across the government hasn't helped. "It's not all about money," O'Keeffe says.
Asked what's most important to them about their jobs, by far, the IT security pros respond "the technology." That's followed by doing work that they consider of national importance and having control over their work environment, with flexible hours and telecommuting opportunities. "Truth of the matter is that the federal government is kind of where it's at ... where the frontier is," O'Keeffe says.
Integrity matters to cybersecurity professionals. Forty-four percent want to work for an employer with a code of honor, 34 percent for a leader in cybersecurity and 33 percent for organizations that push the evelope.
In light of the leaks by former National Security Agency contractor Edward Snowden of NSA's surveillance activities, the government's reputation could be on the line. (The survey was conducted before the Snowden revelations). The leaks cut both ways; they highlight some of the innovative technology the government has built, but they also raise ethical concerns that could tarnish its code of honor. O'Keeffe contends it's Snowden's honor that's being smeared, not necessarily that of the government. But I'm not so sure.
Here are some other interesting factoids from the survey:
- 22 percent want to take on more difficult challenges in their next assignment;
- 85 percent have professional certification, with Certified Information Systems Security Professional, Cisco Certified Network Professional Security and Certified Ethical Hacker being the most popular ones;
- Flexible work arrangements (which 81 percent say their employer offers) and total compensation are key to IT security pros' quality of life;
- Cost of living and traffic congestion are not major concerns, which makes sense because so much of the security industry - 19 percent in each locale - is based in California and the Washington, D.C., metro area; and
- Cybersecurity professionals are loyal to their employers; 65 percent say they've worked for only one or two employers during their careers.
The Pay Scale
As compared with most other occupations, cybersecurity professionals are well compensated. The average annual salary of a U.S. cybersecurity pro in the United States is $116,000 or $55.77 an hour, according to the survey.
Here are some examples provided by Semper Security: A deputy chief information security officer with at least 15 years experience working in Washington with a doctorate and five certifications averages nearly $143,000 a year. In California, a cybersecurity manager with at least five years of experience with a bachelor's degree and two certifications earns more than $111,000 annually. A junior non-IT management professional with an associates degree but no certifications and less than a year's experience pulls in $91,000 a year.
How do you stack up? To find out, try this calculator.
Are you a fan of The Big Bang Theory? How about NCIS, Halo and spending times outdoors (other favorite pastimes of IT security pros)? Where would you like to work next, and what would you want to do? Please share your thoughts.