Monday, June 29, 2015

Mid-Year 2015 Information Security Career Demand...What's Hot?

Anybody can go to a major job board and look at posted jobs to see what’s hot and what’s not.  How about a different perspective on what’s hot and what’s not from a recruiter who has specialized in security, risk, compliance and privacy going all the way back to his first information security search in 1995.

Not all companies are willing to pay search fees to acquire talent and they have many reasons for taking their position.  Some companies are filling security jobs all the way up to the CISO level in order to check boxes and to get through audits.

Other companies are taking security much more seriously.  While many companies are still checking boxes in order to pass regulatory audits, some of my clients are hiring security talent up to the CISO level in order to build sound security programs. These are the jobs you want to check out.

When a company is willing to pay a search fee, they expect the security recruiter to deliver the industry’s best talent and they seldom compromise.  The best talent in this case will have done a great job of managing their career progression so they have the right mix of skills but not too many jobs.  This effort on the job seeker's part is much more of an art than a science.

When a company is paying a search fee to a highly specialized recruiter, you can assume as a job candidate that they might be a bit more serious about the quality and fit of their candidates than a company that is posting jobs and hoping for the best.

What Information Security Careers  / Cybersecurity Careers Are Hot in Mid-2015?

Security Engineer: This title and similar titles are hot everywhere!  Skills required include Firewalls, IDS / IPS, SIEM, Identity Management, Application Security and more. 

Security Architect: This job title is landing on my desk from any industry you can think of and the demand is coming from coast-to-coast. 

Application Security Architect / Secure Software Development:  This demand comes to me from coast-to-coast.  The best paying jobs are those that require a candidate to have several years of coding / software development background prior to picking up application security / secure software development skills.

IT Risk Management / Compliance: This type of role is coming to me from many different industries and locations.  In this type of role, employers are expecting candidates to have experience with several different industry compliance regulations and security frameworks.  This particular role is one in which business skills and communication skills start to become very important as this person will usually work very closely with people in business units and with partners across Information Technology.

Information Security Manager:  This role comes with many different titles but it is essentially the first step in most companies to becoming a CISO one day.  This is where technical skills will get you in the door but it is your business understanding, communication skills and relationship building skills that will propel you to the next level.

CISO or VP of Information Security:  When these roles come to my desk, they arrive either as a fresh search where a company wants to interview a few of the right candidates and make a hiring decision or I get these searches after they’ve been open for as long as 6-18 months.  Every CISO level search I’ve had on my desk in the past few years has required me to find candidates who have skills in many different technical areas but more important are their business skills and their emotional intelligence skills.

Things Are Heating Up

While I have current searches on my desk, I’m also waiting for several companies to complete contracts with me.  Nearly all of the positions listed above are in my pipeline connected to the companies I’m negotiating contracts with right now.  Stay tuned!'s Security Recruiter Blog