Security Skills Provide Top Draw Across Still-Challenging U.S. IT Jobs Landscape

Updated: January 29, 2010

This periodic discussion and dissection of IT infrastructure related news and events, with a panel of industry analysts and guests, comes to you with the help of our charter sponsor, Active Endpoints, maker of the ActiveVOS business process management system, and through the support of TIBCO Software. I'm your host and moderator Dana Gardner, principal analyst at Interarbor Solutions.

Here are some excerpts:

I co-founded this company with a former senior partner at McKinsey. We developed a number of products and took them out in 1997. We not only have that big IT executive and trends focus as analysts, but also very much a business focus.

We've also populated this company with people from the HR industry, because one of the products we are best known for is the tracking of pay and demand for IT salaries and skills.

We have a proprietary database -- which I'll be drawing from today -- of about 2,000 companies in the U.S. and Canada. It covers about 95,000 IT workers. We use this base to monitor trends and to collect information about compensation and attitudes and what executives are thinking about as they manage IT departments.

For many years, IT people were basically people with deep technical skills in a lot of areas of infrastructure, systems, network, and communications. Then, the Internet happened.

All of a sudden, huge chunks of the budget in IT moved into lines of business. That opened the door for a lot of IT talent that wasn't simply defined as technical, but also customer facing and with knowledge of the business, the industry, and solutions. We've been seeing a maturation of that all along.

What's happened in the last three years is that, when we talk about workforce issues and trends, the currency in IT is much more skills versus jobs, and part of what's inched that along has been outsourcing.

If you need to get something done, you can certainly purchase that and hire people full-time or you can rent it by going anywhere in the world, Vietnam, Southeast Asia, India, or many other places. Essentially, you are just purchasing a market basket of skills. Or, these days, you can give it over to somebody, and by that I mean managed services, which is the new form of what has been traditionally called outsourcing.

It's not so much about hiring, but about how we determine what skills we need, how we find those, and how we execute. What's really happened in two or three years is that the speed at which decisions are made and then implemented has gotten to the point where you have to make decisions in a matter of days and weeks, and not months.

Resisting the temptation

There have been some interesting behaviors during this recession that I haven't seen in prior recessions. That lead me to believe that people have really resisted the temptation to reduce cost at the expense of what the organization will look like in 2011 or 2012, when we are past this recession and are back into business as usual.

People have learned something. That's been a big difference in the last three years. ... Unemployment in IT is usually half of what it is in the general job market, if you look at Bureau of Labor Statistics (BLS) numbers. I can tell you right now that jobs, in terms of unemployment in IT, have really stabilized.

In the last three months [of 2009] there was a net gain of 11,200 jobs in these five [IT] categories. If you look at the previous eight months, prior to September, there was a loss of 31,000 jobs.

Gain additional up-to-date data and analysis from Foote Partners on the IT jobs market.
So going into 2010, the services industry will absolutely be looking for talent. There's going to be probably a greater need for consultants, and companies looking for help in a lot of the execution. That's because there are still a lot of hiring restrictions out there right now. Companies simply cannot go to the market to find bodies, even if they wanted to.

Companies are still very nervous about hiring, or to put it this way, investing in full-time talent, when the overhead on a full-time worker is usually 80-100 percent of their salaries. If they can find that talent somewhere else, they are going to hire it.

There are certain areas, for example, like security, where there is a tendency to not want to hire talent outside, because this is too important to a company. There are certain legacy skills that are important, but in terms of things like security, a lot of the managed services that have been purchased in 2009 were small- to medium-sized companies that simply don't have big IT staffs.

If you have 5,000, 6,000, or 7,000 people working in IT, you're probably going to do a lot of your own security, but small and medium size have not, and that's an extremely hot area right now to be working in.

We track the value of skills and premium pay for skills, and the only segment of IT that has actually gained value, since the recession started in 2007, is security, and it has been progressive. We haven't seen a downturn in its value in one quarter.

High demand for security certification

Since 2007, when this recession started, overall the market value of security certs is up 3 percent. But if you look at all 200 certified skills that we track in this survey that we do of 406 skills, overall skills have dropped about 6.5 percent in value, but security certifications are up 2.9.

It is a tremendous place to be right now. We've asked people exactly what skills they're hiring, and they have given us this list: forensics, identity and access management, intrusion detection and prevention systems, disk file-level encryption solutions, including removable media, data leakage prevention, biometrics, web content filters, VoIP security, some application security, particularly in small to medium sized companies (SMBs), and governance, compliance, and audit, of course.

The public sector has been on a real tear. As you do, we get a lot of privileged information. One of the things that we have heard from a number of sources, I can't tell you the reason why, is that a lot of recruiting is happening in the private sector right now with the National Security Agency and Homeland Security -- in-the-trenches people.

I think there was a feeling that there weren't enough real deep technical, in-the-trenches kind of talent, in security. There were a lot of policy people, but not enough actual talent. Because of the Cyber Security Initiative, particularly under the current administration, there has been a lot of hiring.
Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more