History is rich with examples of bright minds missing important trends that, in retrospect, appear almost ridiculously obvious. Bill Gates, for one, misjudged the Internet’s impact so badly in the first edition of his book The Road Ahead in 1995 that subsequent editions required substantial face-saving rewrites.
So it’s not necessarily surprising that more IT workers don’t see the Next Big Thing in IT careers: information security. But I think I know what’s behind the myopia and what’s driving the enormous upside potential for security jobs.
Information security is struggling through a major transition, expanding its focus to include protecting the virtual as well as the physical perimeter. And it’s tough to sell insurance against security-related catastrophes to stressed-out business executives fixated on earnings, market share and customer satisfaction.
Security execs frequently complain about lack of support for new security initiatives and the limited authority to get things done. Add to this the new demands to prove the effectiveness of security programs. Then there’s the friction between the security staff, the CIO and development teams. The truth is, information security has long been managed in an ad hoc fashion with little done to formalize criteria that would make it a bona fide profession.
However, if pay is an indicator of the future, change is afoot. Base pay for corporate IT security jobs grew 3.1 per cent in the past 12 months, while average IT pay declined nearly six per cent overall, according to my firm’s most recent quarterly compensation survey. Bonuses for security professionals climbed an average of 9.5 per cent, but bonus pay for IT jobs overall dropped a steep 34 per cent. Premium pay for security certifications is up a whopping 23 per cent since the first quarter of 2001, even though overall technical certification bonus pay declined five per cent in that period. We expect security pay to continue to outperform the market.
Security budgets have been spared the drastic cost-cutting plaguing IT. That’s because companies are spending billions on e-business infrastructure and development and will continue to do so for years. Gartner Inc. analysts, for example, predict US$288 billion in online revenues by 2006, up from US$72 billion in 2001.
Protecting corporate networks is a top priority today, but it’s easy to imagine data protection and privacy concerns also gaining serious attention as e-business models mature and security breaches multiply in frequency and severity. And budgets will certainly improve if the economy ever does.
Beginning in late 2003, employers will be much more aggressively recruiting security professionals with the right combination of skills, knowledge, experience and character.
While technical security skills and network expertise will always be in demand, a red-hot market will explode for managers with a broad view of security and the ability to think strategically, adroitly navigate corporate politics and create systems for entire organizations. And soon, colleges will confer information security degrees that blend information security, communications and psychology.
It’s a great time for all IT professionals pondering their futures to consider the security profession, especially while barriers to entry are low. If you’re already working in the field, or if you’re a downsized security worker with experience and certifications, don’t be discouraged – your on-the-job experience will place you well ahead of the swarm of new entrants soon to gravitate to the field.
Foote is president and chief research officer at Foote Partners LLC, a management consultancy and IT workforce research firm in New Canaan, Conn. Contact him at dfoote@footepartners.com.