Home > Audit, Human Resources, Jobs, Training and Certifications, Security > A Painful Lack of Security Jobs

A Painful Lack of Security Jobs

Beautiful Day at the Golden Gate Bridge - Día ...
Image by worldsurfer via Flickr

I just read this excellent article from SCO Security and Risks magazine online, regarding the state of the job market for top level IT Security professionals, and I decided to share it with you because my sense is that we have been experiencing a similar situation in the IT Audit field.

The economic downturn has forced many companies to cut corners, and get rid of many folks at senior management levels (including many CISO’s and IT Audit Directors), creating serious hardships for a layer of individuals who are by all standards, the most qualified, best certified and experienced in the industry.    These individuals are not finding work because they are poorly qualified, but because companies no longer want to, or can not, pay them for having reached these high levels of expertise and professionalism.   The typical company in today’s environment is looking to hire a lower level (lower paid) “Analyst” with mid-level technical skills over a well seasoned IT Security professional.    From my discussions with peers in IT Audit, the same is happening with folks holding multiple certifications, CISA-CFE- CISSP or CISA- CBCP-ARP, which would have been insane or close to impossible just two years ago.   This sort of thing is happening all over the country as the article points out, and will have long term negative impacts on both companies and the individuals experiencing these hardships.   Below is an excerpt from the SCO Security and Risks magazine article, which you can read in its entirety by clicking the link at the bottom of the post:

“An IT security pro’s personal tale of a long and bloody job hunt and what it says about the industry’s current state of affairs.

We can blame it all on this dastardly economy, but even in good periods, qualified individuals find it difficult to land a job as an executive.

Just recently, I applied for a job as a director of information security. The position reported directly to the company’s hiring manager (CIO). It was widely advertised at the company so many of my friends and colleagues knew who the hiring manager was. I had already contacted the CIO directly — and had subsequently been introduced to him and recommended by other CIOs who knew him well, so the hiring manager immediately e-mailed me to say to contact the HR director for an initial phone interview and to call him later that same day.

Both interviews went extremely well, with conversations lasting well over an hour. We covered their challenges that I could address and gravitated to small talk on our past experiences. We clicked and had long, enjoyable conversations. The CIO said he would bring me in for a face-to-face meeting the following week once he had a chance to interview other candidates.

Deep down I was overly cautious, having been burned in the past, as I explained to another candidate who had applied. I said, “It would appear to you I’m a natural shoe-in or on the CIO’s short list by knowing so many people and from the work I do. But it is getting to the point that it no longer matters who and what you know, not even if you’re a close friend of the hiring manager.”

Being well-known in the industry and the local IT community, I knew who these other candidates were, and we shared much information. It is a small world.

In the weeks that passed, I sent the CIO two follow-up e-mails, I also e-mailed the HR director in California. All three were met with silence. I also left the CIO two voice mail messages — one on his office line, the other on his personal cell phone — and neither was returned. After three weeks, I received a phone call from the HR director telling me the CIO was unsure about the position. He was contemplating diminishing the role to a lesser grade and I was, of course, overqualified, and so were the other candidates…..”

To continue reading this interesting story, please click the link below:

What do you think?  Are you a high level person experiencing something similar in today’s economy.  Please share by leaving a “Comment.”

Enhanced by Zemanta
  1. Bob
    October 30, 2009 at 2:06 PM

    I read the article from SCO Security magazine also. I’ve been unemployed for four months now and I don’t see any signs of a recovery or a job soon. I confirm what you are saying about the credentials. What good are the credentials if there are no jobs.

  2. Sam
    November 3, 2009 at 2:05 AM

    Have you tried looking abroad? There are far more jobs available in other countries that weren’t hit as hard by the financial crisis as the US or UK. Industrial nations have a great number of security jobs available.

  3. Lisa
    November 16, 2009 at 3:30 PM

    I just read over your article on the issues with finding high level IT security or audit jobs. When reading through your experience it could have easily been written by me.

    All too common, I have heard and experienced the same problem you describe. Just recently I applied for a senior IT Security role only to be told again, I was over qualified. Other times, the response was, well we are looking at filling that role internally because we’ve changed the requirements and decided to hire someone more junior. Which, of course puts me in the over qualified position again. Other times, I’ve been told they are no longer moving forward with the role. Blah, blah, blah.

    Honestly, I think companies are playing games and farming the candidates, in hopes they will either receive a handout from the government or the economy will turn around so they can hire a few qualified candidates. However, I believe the bottom line for companies is money! Some use the economy as an excuse to lay off workers, make current employees work longer hours for less pay, and new hires do multiple roles. In the long run, they lose because this will catch up with them. For now most are willing to take the risk.

    As for the subsequent comments on applying for jobs in other countries I have done that as well with little success. A word of caution on this, as I was reading one article on a young IT security professional from the US who went missing and is presumed dead.

    Apparently, he took a job not knowing the full details and the company that employed him had no policy or procedure on what to do if you got in trouble in foreign countries. All too often, in developing countries there is a fine line between law enforcement and the criminals.

    That’s my two cents worth. All the best to you job seekers out there!!!!

  4. Henry
    November 16, 2009 at 4:03 PM

    Joel,

    I agree with your point.

    The job market for high level IT Security and IT Audit jobs is depressed, especially in the New York region. There are a ton of highly qualified and certified people looking for work, but few real jobs. On top of it, the market for CISSP’s is being hurt by the hundreds of “Paper CISSP’s” who have the credential but no practical experience in security or even networking technology. I often think that in India they must be selling the CISSP certifications cheap, because the number of Indians with the credential is ridiculous, but many do not even know what a Firewall is. The bad economy and these people working cheaply are hurting qualified locals.

  5. July 20, 2012 at 5:08 AM

    Very informative article. I have noticed from the other comments that people are really struggling to find work in this area. Our job board may be of interest, we specialise in hiring SC Cleared candidates and I’m sure there will be vacancies there of interest for some of you.

    http://www.scclearedjobs.co.uk/

    I hope this helps many of you getting the of you in getting deserve

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: