Career Advisor: The Most-Wanted Security Skills of 2007 (and Beyond)
An information security recruiter reports that risk management, threat modeling and metrics expertise are in high demand
By Joyce Brocaglia
sed on alignment with business objectives, process improvement and enterprise design are needed to accomplish these goals.
At major consulting organizations in particular, this area proved to be one of the fastest growing and most difficult practices to staff, with the number of assignments outweighing the availability of qualified consultants.
* PCI auditing and assessment. With compliance requirements growing and high-profile breaches at companies such as TJX, the PCI assessment market was red hot at consulting firms. As payment card companies seek to transfer risk, merchants are being held to higher levels of accountability, and PCI consultants were in great demand. Services ranged from PCI assessment through remediation, and ideal candidates have a background in audit or assessment and are able to travel extensively. Those who have the PCI Security Standards Council’s QSA certification (Qualified Security Assessor) were in greatest demand.
* Enterprise and operational risk management. 2007 showed a marked increase in corporations building operational and IT risk management departments. As companies work to implement processes that ensure a uniform approach to risk identification and measurement, demand for professionals with IT risk management skills will continue to increase throughout 2008 and beyond. The area of risk management is a natural transition for security professionals who have grown beyond the traditional technical roles and have developed a holistic understanding and approach to risk.
This can be a lucrative specialty. One New York investment bank is offering a total compensation of $300,000 to $400,000 for this skill set, and an insurance firm in Chicago is offering base compensation in the $120,000 to $140,000 range for enterprise risk management professionals.
* Technical salespeople at product vendors. On the vendor side, demand continued to grow for sales engineers and highly technical business developers. Security vendors have been striving to differentiate themselves by providing deeper technical expertise to their customers. This approach is changing traditional sales methods, in response to customers who prefer to bypass relationship-based sales professionals often perceived as just “order takers.” Both polished sales engineers who are adept at selling and sales professionals with technical depth were in high demand.
What’s Next
In 2008, expect demand to increase for security professionals who can bridge the gap between policy, business process and technology. As regulatory and compliance requirements evolve, companies are searching for people who can interpret the new rules and map them to both existing and proposed security solutions. The goal is to effectively allocate resources while ensuring that the



