The Bad News of No UnemploymentSellers Market for Infosec Pros Creates Employer Challenge
With such high demand for security professionals, employers must be wary of the prospects they consider to hire. People are known to inflate their resumes and claim knowledge they don't have.
Education is among the most common areas for which individuals furnish misleading information, says John Reed, executive director at Robert Half Technology, which recruits IT professionals for businesses and government. "This is especially true of people trying to get into the security marketplace," he says.
There are more people taking a couple short courses and passing themselves off as an expert.
Eugene Spafford, executive director of Purdue University's Center for Education and Research in Information Assurance and Security, says that's not good for the IT security profession in the long run. "There are more people taking a couple short courses and passing themselves off as an expert," Spafford says.
What's causing such concern is the unbelievable news that the Labor Department reported no unemployment for the broadly defined information security analysis occupation category for the first half of 2011, a group that has grown by 16 percent in the second quarter alone (see Infosec Joblessness Remains Steady, at 0%).
Practically, full employment means there are plenty of jobs, so those who aren't in IT security are taking a closer look at the field. The online employment service Dice reports that posting of IT security jobs more than doubled from 2010 to 2011.
Recognizing the demand for skilled IT security practitioners, academia is boosting its education programs. For instance, the National Security Agency and Department of Homeland Security increased the number of institutes that qualified for its Centers of Academic Excellence to 123 in 2010 from 106 in 2009. Plus, the federal agencies are accepting community colleges into the program, adding six since last year. Anecdotally, colleges report a modest increase in enrollment in IT security classes, although no solid number exists.
But not all education is equal; options range from one-hour webinars to week-long boot camps to six-year-long Ph.D. information security programs. Most of them offer value, but few making the transition from other fields will partake of the more rigorous programs.
A cautious Hord Tipton of (ISC)2 is closely watching the new players who want to switch jobs into the IT security profession because it is lucrative and offers employment at this point. "I fear this boom will aid professionals in seeking mere paper credentials to prove their expertise in this field, and this concerns me deeply," says the executive director of the not-for-profit IT security education and certification organization.
Like Tipton, employers will be cautious, too, in evaluating these credentials to ensure the applicants are who they represent themselves on paper.