Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

London, June 4, 2009 – The final results of a survey conducted by (ISC)2® (“ISC-squared”), the not-for-profit global leader in educating and certifying information security professionals throughout their careers, suggests that information security professionals can look forward to a future with new jobs coming onto the market and fewer expected budget cuts. The survey also indicated, however, that hiring managers are struggling to fill positions as candidate salary expectations and skill levels do not meet current demand.

Of the more than 2,800 (XX EMEA) (615 EMEA) professionals participating in the survey, over 7754 had hiring responsibilities, with 44 percent of those looking to hire additional information security staff this year and over 11 percent planning to add more than three people. The areas of expertise most sought after by those seeking candidates were (in order of highest demand) information risk management, operations security, information risk management, access control systems and methodology, applications and systems development security, and security management practices.

Despite economic conditions, over 80 percent of hiring managers identified that they are challenged in their efforts to find the right candidate. The range of concerns included a lack of desired skills or lack of available professionals within a local area; poor cultural fit; and salary demands that were too high for available budgets, particularly from people who had previously worked within the troubled financial services sector.

“Demands on professionals are changing. Companies want more for their investment, and professionals need to keep their skills and expectations in line with what businesses are looking for,” said John Colley, CISSP, managing director for EMEA, (ISC)2 . “Training and professional development will be essential for individuals as they manage their careers in this tough economy.”

(ISC)2 conducted the survey in April and May 2009 to gain insight on the impact the economic downturn is having on its certified membership and their employers. Members were queried about the effect on various budgets and their organisation and asked about their expectations for the future. They confirmed that outsourcing is having an impact but that activity on this front may be slowing – 30 percent had reported increased levels of outsourcing of security functions, while only 18.7 percent expected the situation to worsen in the next six months. Confirming preliminary findings released in April, budget cuts may also be slowing.

Over two-thirds (nearly 72 percent) of respondents said their information security budgets had been reduced in the six-month period from October 2008 – March 2009, and roughly half (53.6 percent) revealed that their information security departments had experienced at least one lay-off in the past few months. Looking forward, 62 percent said they did not expect any additional information security budget cuts for the remainder of the year, while nearly 9 percent expected an increase. Just over 59 percent said no additional personnel cuts would be forthcoming the remainder of the year.

“In this environment, companies may be tempted to make rash security decisions made in the panic to cut costs. Organisations are advised to proactively analyse how cuts affect their risk profile and avoid costly repercussions resulting from breaches and mandated reparations,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, executive director for (ISC)2.

The survey confirms that companies are making their adjustments at a time when they are experiencing more attacks. Organisations have experienced an increased impact during the economic downturn across several fronts, including internal hacking against the system (16.718.4 percent); external hacking attacks against the system (33.3 percent); theft of intellectual property (27.8 percent); and fraud and embezzlement (28.3 percent).

(ISC)2 conducts research regularly to gain insight on the state of the information security workforce and offers programs of support for members seeking new employment and career enhancement. Current resources developed to support job seekers include:
• Free resume posting and job alerts to certified members on its Career Center ( Employers can post jobs and search resumes for free as well, giving them a direct line to an audience of qualified information security professionals.
• Career clinics bringing specialists recruiters and job seekers together in interactive sessions to discuss current market requirements.
• A “Career Incident Response” podcast series from The Information Security Leaders, an organization devoted to assisting information security professionals in their career development efforts, is being made available to members over six weeks on the (ISC)² member site. The series is designed to help professionals recognise a potential “career incident,” help prevent one in the future and effectively respond should they fall victim to unexpected job loss.

Initial results from the (ISC)² career survey were released in late April with a promise to announce the final results upon the survey’s completion. The full results can be found here:

About (ISC)²
The International Information Systems Security Certification Consortium, Inc. [(ISC)2®] is the globally recognized Gold Standard for certifying information security professionals. Celebrating its 20th anniversary, (ISC)² has now certified over 60,000 information security professionals in more than 130 countries. Based in Palm Harbor, Florida, USA, with offices in Washington, D.C., London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP) and related concentrations, Certified Secure Software Lifecycle Professional (CSSLPCM), Certification and Accreditation Professional (CAP), and Systems Security Certified Practitioner (SSCP) credentials to those meeting necessary competency requirements. (ISC)² CISSP and related concentrations, CAP, and the SSCP certifications are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers a continuing professional education program, a portfolio of education products and services based upon (ISC)2’s CBK®, a compendium of information security topics, and is responsible for the (ISC)² Global Information Security Workforce Study. More information is available at

# # #

© 2009, (ISC)2 Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CAP, SSCP and CBK are registered marks and CSSLP is a service mark of (ISC)², Inc

Note to editors: For further information please contact:

Teresa Horscroft
+44 (0)1420 564346

This press release was distributed by ResponseSource Press Release Wire on behalf of Eureka Communications in the following categories: Computing & Telecoms, for more information visit