How to Succeed in a Two-Faced IT Security Job Market

More companies are hiring CSOs and moving security tasks in-house. But that doesn't always mean more jobs (article and 3 audio clips).

. What's this?

By , Senior Editor

September 01, 2009CSO

More companies have hired CSOs and CISOs in response to an ever-increasing regulatory compliance load. They are spending less on outsourcing as economic conditions prompt them to handle more security tasks in-house.

On the surface, such a trend would look like a great opportunity for IT security job seekers. But according to several IT security practitioners, that's not exactly the case. Still, there are lessons job seekers could learn from current events that could ultimately help their careers along.

In a recent series of conversations with CSOonline, IT security practitioners said they have indeed seen evidence more companies are bringing in CSO-level people to confront a dense web of security regulations and the growing threat of data security breaches [see Lessons of ChoicePoint, 4 Years Later for examples].

At the same time, they acknowledge an economy mired in recession is forcing companies to bring in-house a wider array of security tasks they once entrusted to third-party providers.

"When I first started working here, we were using a mix of vendors [to handle certain security tasks], but today, since I'm here and because of the economy, we are trying to do more in house," said Mauricio Angee, senior manager, IT security and compliance and CSO at Universal Orlando. In the beginning there was no security staff per se, and he was a one-man operation. But now he has four security specialists working under him, handling such tasks as firewall and IDS management.

  • Listen to the full conversation with Mauricio Angee HERE

    • But Angee's situation doesn't mean a rosy security job market in the larger picture.

    George Moraetes, a Chicago-based information security executive and enterprise architect, has seen first-hand evidence in his work as a consultant that companies are trying to cut corners and give the CIO or CTO the additional task of security so new hires aren't needed.

    "More CSOs and CISOs exist in the much larger companies, but go down to the small- and medium-level businesses and you see them giving people two hats. The CIO ends up being the security guy. I've recently talked to one CTO who is having to double as security administrator and he hates it," he said.

  • Listen to the full conversation with George Moraetes HERE

    • The job picture also depends on geography.

    Pete Hillier, an Ottawa-based CISSP and CISO, said there have been fewer CSO positions created in Canada because that country isn't grappling with as much regulation as the United States. "The need for compliance tends to mean more CSOs," he said.

    What is Tech Briefcase?
    TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
    Bookmark content
    Speed up your research efforts with content across the web.
    Search and Store
    Find the white papers you need. Create folders for any topic.
    View Anywhere
    Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
    Don't have an account yet?
    RESOURCE CENTER