Direct attacks, identity and information theft of all sorts (especially social engineering), persistent advanced threats… the risks associated with information security are continually multiplying in a world which is increasingly more digital, mobile, and multi-device based. With this backdrop it is no surprise that cybersecurity experts are in high demand along with professionals in other sectors such as information analysis, big data technology, and data scientists.
So, which are the most desired profiles in security departments? Which training do these professionals need to have and how much are they paid? To get the answers to all of these questions, and to help security experts and the businesses which are looking for them have a realistic idea of how they fit into the marketplace, we have consulted two HR experts with specific experience in the IT sector. Sára Álvarez, Spring Professional manager at Adecco, is in no doubt – engineers and security technicians, as well as auditors specialized in this area and even pre-sales engineers, are the most sought-after roles in security departments.
María Mosquera, executive manager at Michael Page Technology, adds that Logic Security Managers, IT Security Technicians and Experts, Security Managers, Ethical Hacking Experts, and CISOs (“this is generally a position attained after a promotion from another management role”) are the job profiles that are in demand. They are particularly sought-after by consultancy firms “where there are parts of the business solely dedicated to information security”. The role of CISO, she says, “is generally reserved for larger companies”.
Professionals that are requested more and more
“In recent years we have identified a clear need for these profiles in different customers in different sectors. It is a reality that security is increasingly important in companies because everything is already in the network,” states Alvarez. “In 2014, especially, we saw that the focus of the security companies completely changed. Whereas before these profiles were sought out as needed, nowadays they fill their departments with expert, permanent staff in in order to prevent data leaks and other threats. The demand for security professionals almost doubled last year compared to 2013”.
Mosquera agrees with Adecco’s spokeswoman about the growing relevance that security has taken in all organizations, which she says typically have a specific department or work with external consultants specialized in the field. “Hence the demand for relevant specialists to simulate Ethical Hacking security attacks and be ready to counter them,” she added.
Necessary training
Regarding the training demand for these profiles, it is diverse but always related, obviously, to the world of information technology. “Normally these roles have an extensive background in systems and, over time, have been specializing in security,” said Alvarez, although Mosquera says that besides being IT graduates, many professionals in the field of security are telecommunication engineers.
Of course, both agree on the importance of these experts having a series of certifications: “The most important are those such from ISACA, such as CISA, CISSP, and CISM, others like CEH, CRISC, and SIEM. They should also know how to handle tools with ad hoc security solutions at companies like Panda Security, Palo Alto Networks, Bluecoat Systems, Symantec, etc.,”, explains the spokeswoman from Michael Page Technology.
While the more technical positions require more practical training on certain products, they majority related to the management or security strategy, for example, the auditor, which should develop contingency plans and data protection, need more certifications linked to such development plans, with knowledge of the existing data protection rules (in Spain the LOPD), and the advising on information systems, etc.”, reveals Álvarez.
So, how much are they paid?
And now the big question – what is the salary for profiles related to information security? “The positions from technician to manager and expert, often range between €45,000 and €65,000 gross per year, depending on whether the position is for a consultancy or end company. In consulting, the categories above manager can reach €75,000. For the position of CISO, the salary range depends on the size of the department and consequently of the organization, but may be around between €80,000 and €120,000 gross,” reveals Mosquera.
Alvarez is more conservative regarding the salaries. “The lowest profile, the technician, can start from €30,000 gross per year, but if the professional has certifications, speaks English and relevant experience, the salary may be higher, from €35,000 to €37,000. Security engineers earn between €35,000 and €45,000 euros gross per year, the architects, who are the most powerful on a technical level, earn between €40,000 and €52,000, auditors start out with a salary of €42,000 and security managers start with €50,000″. The Adecco spokewoman also highlights a role that is on the rise in the security sector, that of presale management, whose salary is between €35,000 and €46,000 gross per year.
The trend in salaries of these experts, of course, is increasing. Keep in mind that many times it is not easy to find these profiles and, above all, retain them in companies that literally raffle the best. Therefore, another trend that is beginning to prevail in many companies is addressing HR policies aimed at retaining these profiles by other incentives such as training, and social benefits, etc.