On March 13, 2020 the COVID-19 virus was declared a national emergency. Since that time, there have been approximately 28.5 million confirmed U.S. cases of the virus, resulting in over 517,000 deaths, and in December the disease rose to be the leading cause of death for Americans.This month, the country welcomed a third vaccine in the fight against the COVID-19 pandemic, and the race is now on to get all U.S. adults vaccinated by the end of May. This is certainly great news for companies eager to get employees back in the workplace\u2014and for workers who have found it challenging to do their jobs remotely.While it remains to be seen \u00a0how work and life will play out in a post-pandemic world, many organizations have already experienced the future when it comes to hiring and managing information security professionals. The results have been both good and bad for all concerned, but collectively they have changed the hiring game permanently.Here are the top trends reshaping the recruitment and management of information security pros, and what those workers want and need from a job.Remote work increases the odds of a perfect-fit hireDespite many obvious impacts of COVID-19, the basic process for finding information security professionals hasn\u2019t changed that much. Security leaders or hiring managers post their openings on an organization\u2019s career page or job boards, they review the incoming applications, narrow down the list to acceptable candidates, and evaluate those candidates based on internal selection criteria, says Jean-Paul Philippe, cyber security recruiter and founder at Baxter Talent, in Knoxville, TN.\u201cThe biggest change we've seen due to COVID is the abundance of remote opportunities now available,\u201d Philippe says. \u201cWith many organizations swiftly transitioning into a remote workforce, security leaders recognize that highly skilled security professionals are more than capable of working remotely.\u00a0 Organizations that are open to remote hires are reaping the benefits of a considerably larger talent pool, thus resulting in hiring the best person for the job.\u201d\u201cThe downside of a larger applicant pool is the additional workload of screening more applications and candidates,\u201d Philippe acknowledges. \u201cAdditionally, organizations that move more slowly in their hiring decisions may miss out on their top candidates because strong security professionals usually receive very attractive offers from multiple companies at the same time.\u00a0 As a result, many strong security leaders realize a sense of urgency and a speedy hiring process leads to a successful hire.\u201dOn the flip side, organizations that don\u2019t tap this wider talent pool are at a distinct disadvantage, something Dorothy Dodenhoff, senior technical recruiter \u2013 enterprise information security at Wells Fargo in Charlotte, NC, knows all too well.\u201cWells Fargo decided two years ago to eliminate 100% telecommute hires,\u201d Dodenhoff explains. \u201cThe goal is to have employees work out of hub cities. This decision has caused us to lose a lot of extremely qualified prospects, as they are used to working remote and do not want to work on site. We are starting a new critical project, and there is discussion as to whether or not to allow for telecommute hires which, if approved, will greatly expand our ability to reach highly-skilled talent.\u201dIn fact, this hub-and-spoke model that Dodenhoff describes is exactly the business model that many organizations now aspire to. Rather than have all employees come to a central workplace, the \u2018office of the future\u2019 concept is to have smaller facilities, but more of them, and all inter-connected digitally. This allows organizations to downsize their real estate investments, enables workers to safely spread out, and eases the commute for workers that don\u2019t have to go to one central location.Wanted: Highly skilled candidates with superior communications skillsNot surprisingly, the greatest demand is for information security professionals that already have the right stuff\u2014and that includes both technical expertise and soft skills.\u201cThe hiring managers we're working with are seeking experienced security professionals with cloud, application security and risk management skills,\u201d Philippe says. \u201cSpecifically, skills and experience with AWS, Azure, and GCP, as well as experience with identity and access management (IAM), security information and event management (SIEM), incident response (IR), and intrusion detection and prevention systems (IDS\/IPS) are commonly required by our clients.\u201dOn the soft skills side, \u201ccommunication and influence appear to the number one skill in demand,\u201d Philippe adds. This is in part because of the particular communication demands of working remotely, but also \u201csecurity professionals are extending beyond their business unit and collaborating across their organization,\u201d Philippe says. In addition, working remotely has made written and verbal communications skills of paramount importance.\u201cThe reason COVID emphasized these skills so heavily is that security teams had to rapidly begin collaborating with other teams such as IT to help secure employee devices and networks," Philippe says. "And given that this basically happened overnight, security teams needed to rely on strong problem solving, attention to detail, and teamwork skills to make it all happen.\u201dHiring security talent with these skills and experience can be very difficult for many organizations. \u201cMost of these folks are currently employed and thus not looking to make a change,\u201d Wells Fargo's Dodenhoff says. In fact, \u201cmany candidates we reach out to are not comfortable making a change in employment during this pandemic. Our hiring cycle has been roughly 70 days, however, some jobs have been open for over six months.\u201dRemote work may slow the growth of cybersecurity salariesIt remains to be seen what the long-term impact of the pandemic and the remote workforce will be on information security salaries. Many hiring managers say base salaries haven\u2019t changed much, but the ability to work remotely has risen to the top of the desired benefits list.\u201cFor the organizations that I have been associated with, I have not encountered a significant impact on salaries,\u201d says Joshua Scott, head of information security and IT at Postman, and a member of the Information Security Leadership Foundation. \u201cI have seen additions to benefits and workplace elements to cater to the remote workers. For example, more use of official group video chats or common discussion channels to replace the typical group scenarios that happened in the office.\u201dWhere salary offerings are having the most impact is with job candidates competing amongst themselves.\u201cOne impact we noticed during the pandemic was that many security professionals living in smaller cities were now looking for new opportunities with much larger employers outside of their commutable geography,\u201d Philippe says. \u201cThese individuals realized that remote opportunities with larger organizations generally equated to larger compensation packages, better benefits, and greater future employment opportunities.\u201dOn the flip side, Philippe notes that security pros living in higher-earning areas now have to compete with equally strong talent open to less attractive compensation packages.\u201cFor example, a security engineer in the South East may have a base annual salary of $120,000, whereas a security engineer in the North East may be seeking at least $150,000 just to maintain the same standard of living,\u201d Philippe stresses.Remote workers will need to fight harder for recognition and rewardAssuming that the country can meet President Biden\u2019s goal of seeing all adults in the U.S. vaccinated by the end of May, one might expect the economy, and the workforce, to go back to the way they were before 2020. Not so fast, say workforce experts.Organizations and workers alike have learned that remote work is totally doable for many jobs. Many employees have gotten used to the arrangement and don\u2019t want to return to the workplace. That includes the majority of information security professionals.\u201cNinety percent of the security professionals we speak with desire and prefer remote opportunities,\u201d Philippe says. \u201cThe organizations that have responded positively to these wants tend to hire many of the industry\u2019s most talented security professionals.\u201dBut as with most things in life, there is a trade-off here.\u201cI believe some security professionals may face promotional limitations depending on their organization\u2019s remote, hybrid, or in-office requirements,\u201d Philippe emphasizes. \u201cIf employees are given the opportunity to choose to work 100% virtually or go into the office, I feel that employees who chose to work 100% virtually may see a slight decrease in promotional opportunities because of the reduced social interactions that happen when working alongside colleagues in a physical space.\u201d\u201cSecurity professionals should be aware of these potential downsides of working fully remote and be mindful that they may need to put in extra effort to build strong relationships and trust among their colleagues and supervisors since they\u2019ll be potentially missing out on the random social interactions that happen with physical proximity,\u201d Philippe concludes.