The Schwartz Report

Blog archive

Security Skills Gap Widens, Pushing Up Pay

Deciding on which vendors' security tools to implement is a complex process, especially as threat and attack vectors frequently change, along with the environment itself (new infrastructure, apps and devices) that IT pros need to protect. But an even bigger challenge for IT professionals is finding skilled security experts.

A survey conducted by Intel Security's McAfee Center for Strategic and International Studies released last summer pointed to a global shortage of skilled cybersecurity professionals. The report gave a grim assessment of the current availability of those with security expertise across all disciplines. "The cybersecurity workforce shortfall remains a critical vulnerability for companies and nations," the report's introduction warned. "Conventional education and policies can't meet demand. New solutions are needed to build the cybersecurity workforce necessary in a networked world."

The survey of 775 IT decision makers in eight countries (including the U.S.) found that 82 percent are coping with a shortage of cybersecurity skills in their IT department, 71 percent report that the lack of talent is causing direct and measurable damage and 76 percent believe their respective governments aren't investing adequately in educating or training cybersecurity talent.

Among the three top skill sets respondents have the most demand for are for those who can help address intrusion detection, secure software development and attack mitigation. The report also estimated that up to 2 million cybersecurity jobs will remain unfilled in 2019. In the U.S., 209,000 open cybersecurity positions went unfilled and job postings have risen 74 percent over the past five years, according to the Bureau of Labor Statistics.

IT compensation Expert David Foote, founder of Foote Partners and author of this month's Redmond feature "IT Jobs Poised To Pay," emphasized the shortage of cybersecurity experts during the opening keynote address at last week's annual Live! 360 Conference, held in Orlando, Fla. "Companies are struggling to make this leap from information security to cybersecurity," Foote said. "Information security in so many companies and in so many regulated industries [is addressed] with very skeletal staffs."

Foote's report for the third quarter of 2016 showed that skills-based pay premiums for cybersecurity experts increased 10.7 percent for the year. Based on data compiled throughout 65 U.S. cities, the average  salary for an information security analyst is $99,398, while senior information security analysts earn $127,946. The average salary for security architects were $133,211. At the management tier, VPs of information security earned an average of $206,331, while managers of security compensation averaged $137,466.

Posted by Jeffrey Schwartz on 12/14/2016 at 10:48 AM


comments powered by Disqus

Subscribe on YouTube