Security Jobs archives - Security Bytes

Security Bytes:

security jobs

Oct 2 2009   2:13PM GMT

Need a security job? The Feds set a cap on security pros



Posted by: Robert Westervelt
federal cybersecurity, security jobs, DHS

The Department of Homeland Security marks the start of National Cybersecurity Awareness Month with a cap on hiring.

The Department of Homeland Security could hire for 1,000 cybersecurity-related jobs over three years, according to an announcement Thursday. DHS Secretary Janet Napolitano described the positions pretty broadly: cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering. That covers just about everything.

Two points are interesting in this announcement. Napolitano calls the 1,000 position number a “cap.” Also, she says that DHS does not anticipate the need to fill all 1,000 positions.

From the DHS press release:

Although DHS does not anticipate the need to fill all 1,000 positions, this cap reflects the Obama administration’s commitment to equipping DHS with the critical tools necessary to build a world-class cyber organization and compete for cybersecurity talent.

Meanwhile, the role of Cybersecurity Coordinator remains vacant. But as Napolitano points out in her announcement, October is National Cybersecurity Awareness Month. Perhaps this is an incentive for the Obama Administration to announce who will fill the new role.

This is still some fairly positive news, although there’s a lot of room for improvement at the federal level. A recent study highlighted some issues in the DHS hiring process that have impeded getting cybersecurity talent into the federal government. The study, “Cyber-insecurity: Strengthening the Federal Cybersecurity Workforce,” by the Partnership for Public Service and supported by Booz Allen Hamilton, was conducted from January through June 2009.

From the study:

Since the activities and responsibilities of government cybersecurity positions are ill-defined, IT managers and human resource professionals say it is hard to describe to potential applicants and candidates what cybersecurity jobs entail, and therefore difficult to find the right talent. In addition, job seekers cannot readily identify available jobs or decide if they’re qualified or interested, because they may not know how to translate “government speak” to figure out what category or job title to consider.

Here are some of the takeaways:

  • The pipeline of potential new talent is inadequate.
  • Salary limitations hurt retention.
  • There is a disconnect between front-line hiring managers and government’s HR specialists.

Wouldn’t it have been great if the federal government could have addressed some of the issues highlighted in this report? It recommends some steps the government could take to improve the hiring process, attract and retain talented cybersecurity pros and measure the success of a new hiring program.

Sep 8 2009   7:49PM GMT

Security industry remains resilient to tough economy



Posted by: Robert Westervelt
security budgets, security jobs

A new survey from Gartner Inc. is confirming what industry analysts and experts have said over the last year and a half: The security industry is resilient to the tough economy.

Gartner is predicting a slight increase in security spending in 2010. A survey conducted in April and May of 1,000 IT professionals showed security software budgets expected to grow by about 4% in 2010, outpacing all other areas of infrastructure software. Security services budgets are expected to grow nearly 3%.

“In the current highly uncertain economic environment, with overall IT budgets shrinking, even the modest spending increases indicated by the survey show that security spending accounts for a higher percentage of the IT budget,” said Adam Hils, principal research analyst at Gartner. “Security decision makers should work to allocate limited budgets based on enterprise-specific security needs and risk assessments.”

Specific areas that could expect spending growth:

  • Security information and event management (SIEM)
  • e-mail security
  • URL filtering
  • user provisioning

In June, Gartner said increased interest in managed security services is driving much of the growth in the specific areas above, as well as the reliance on third-party compliance consulting and vulnerability audits and scans.

At the time, Hils told me security budgets were pretty flat in 2009 while IT budgets were in decline. Companies are buying from a single security vendor offering a suite of security offerings rather than niche players. Spending on firewalls and intrusion protection systems remains strong, especially where encryption and data leakage prevention is being done, Hils said earlier this summer.

Still, I wrote a story talking about some security pros having trouble navigating an increasingly competitive security job market. Perhaps the move to managed security services has enabled some firms to cut on-site security jobs.

Salary expectations need to come down as well, so we’re not signaling an all-clear for the security industry. A 4% security spending increase, as stated above by Gartner, is a standard or even slightly substandard increase. The economy has taken its toll across the board.