The market for federal information security professionals represents stability and opportunity, but at the same time, hiring managers face challenges matching skills with agencies’ cyber security needs, according to a recent survey.

Highly trained and experienced information security professionals already in federal jobs say they are experiencing nearly full employment, coupled with career advancement opportunities and salary increases in 2011, according to the 2012 Career Impact Survey released earlier this month. However, the difficulty hiring managers are having with finding recruits with the right skills presents a continued challenge for the cybersecurity workforce.

“The federal results from our latest Career Impact Survey validate the persistence of our national cybersecurity workforce challenges: information security professionals with the right mix of knowledge and experience remain in high demand by government hiring managers, but qualified candidates are hard to come by as agencies try to build their security teams,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)² and former CIO of the U.S. Department of the Interior. “While decreasing budgets are a key factor in this hiring challenge, these results reinforce the need for a distinct career path in this field and a definition of roles in order to make it easier for hiring managers to find and place candidates with the right qualifications. They also demonstrate that the government’s existing methods to fill the pipeline are not working.”

Results of the survey, conducted by (ISC)²®, found that approximately 97 percent of the 545 federal government information security professionals are currently employed, and only 8 percent were unemployed at any point in 2011. Federal respondents also reported experiencing upward career mobility last year, with 62 percent receiving a salary increase in 2011 and 48 percent expecting a salary increase in 2012. Further, of the 60 percent who changed jobs last year, 43 percent did so to pursue advancement opportunities, and 31 percent because of personal preference.

The Career Impact Survey, now in its third year and conducted by (ISC)2, which has over 80,000 members in 135 countries, tracks the impact of the economic climate on cyber security salaries, hiring outlook, budgets, threats and more. More than 2,250 information security professionals worldwide participated, including 545 information security professionals in U.S. federal government agencies.

Other key federal-specific findings from (ISC)²’s 2012 Career Impact Survey include:

  • 83 percent of federal hiring managers say that it is extremely difficult to find and hire qualified candidates.
  • The top three skills federal hiring managers are looking for are certification and accreditation (68 percent), operations security (55 percent), and telecommunications and network security (53 percent).
  • Federal respondents rated the following initiatives as the least successful when measuring the success of the government’s hiring methods: dedicated programs such as the US Cyber Corps, recruiting from specific colleges and job fairs.
  • Federal respondents reported the top three security risks in 2011 as attacks against an agency’s systems/infrastructure (39 percent), increased risk due to mobile devices (27 percent), and targeted attacks against personnel (13 percent).

The (ISC)² 2012 Career Impact Survey was conducted from December 2011 to January 2012, with 2,256 respondents globally to gain insights into how economic conditions and security threats affected the information security profession in 2011 and to gauge the 2012 outlook. The most common sectors represented were government at 28.9 percent; information technology at 28.5 percent; professional services at 18.2 percent; banking at 11.3 percent, and telecommunications at 9.9 percent. The majority of respondents’ organizations had over 1,000 employees. 23 percent of respondents work as security managers for their agencies. With the help of these survey respondents, (ISC)² is identifying important workforce trends in an effort to help solve the global cyber security workforce crisis.