In Depth
How to Succeed in a Two-Faced IT Security Job Market
More companies are hiring CSOs and moving security tasks in-house. But that doesn't always mean more jobs (article and 3 audio clips).
By Bill Brenner, Senior Editor
September 01, 2009 — CSO —
More companies have hired CSOs and CISOs in response to an ever-increasing regulatory compliance load. They are spending less on outsourcing as economic conditions prompt them to handle more security tasks in-house.
On the surface, such a trend would look like a great opportunity for IT security job seekers. But according to several IT security practitioners, that's not exactly the case. Still, there are lessons job seekers could learn from current events that could ultimately help their careers along.
In a recent series of conversations with CSOonline, IT security practitioners said they have indeed seen evidence more companies are bringing in CSO-level people to confront a dense web of security regulations and the growing threat of data security breaches [see Lessons of ChoicePoint, 4 Years Later for examples].
At the same time, they acknowledge an economy mired in recession is forcing companies to bring in-house a wider array of security tasks they once entrusted to third-party providers.
"When I first started working here, we were using a mix of vendors [to handle certain security tasks], but today, since I'm here and because of the economy, we are trying to do more in house," said Mauricio Angee, senior manager, IT security and compliance and CSO at Universal Orlando. In the beginning there was no security staff per se, and he was a one-man operation. But now he has four security specialists working under him, handling such tasks as firewall and IDS management.
But Angee's situation doesn't mean a rosy security job market in the larger picture.
George Moraetes, a Chicago-based information security executive and enterprise architect, has seen first-hand evidence in his work as a consultant that companies are trying to cut corners and give the CIO or CTO the additional task of security so new hires aren't needed.
"More CSOs and CISOs exist in the much larger companies, but go down to the small- and medium-level businesses and you see them giving people two hats. The CIO ends up being the security guy. I've recently talked to one CTO who is having to double as security administrator and he hates it," he said.
The job picture also depends on geography.
Pete Hillier, an Ottawa-based CISSP and CISO, said there have been fewer CSO positions created in Canada because that country isn't grappling with as much regulation as the United States. "The need for compliance tends to mean more CSOs," he said.
IT jobs
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- FISMA Prescriptive Guide
- The Tripwire HIPAA Solution: Meeting the Security Standards Set Forth in Section 164
- Beyond PCI Checklists: Securing Cardholder Data with Tripwire's Enhanced File Integrity Monitoring
- IDC White Paper: CCM for IT Compliance and Risk Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
