It is already clear that the current market downturn is likely to have an effect on some information security teams in the form of redundancies, and several teams have already experienced the loss of staff members, while others are feeling the pressure or reading the signs.  This could be a short-sighted tactic, as evidence suggests that information leakage and industrial sabotage activity increases in such an economic climate – no time, therefore, to be cutting back on your intelligence, control and governance operations.

Conversely, it has been quite some time since we have seen so many senior information security job vacancies currently ‘on the market’.  It seems slightly counter-intuitive in the prevailing conditions. These vacancies are across a broad range of industry sectors (Banking, Petrochemical, Media, Energy, Distribution and Manufacturing), and so should be open to a broad spectrum of candidates, with varied skill and sector backgrounds.

However, the ‘ear to the ground’ indicates that around half of these positions are being filled by senior security candidates, plucked from another similar position elsewhere – ‘recycling CISOs’, is a term I have heard used.  Without any disrespect to the candidates concerned, one has to examine this approach and challenge both the employing organisations and the headhunters and recruiters, for adopting what appears to be a narrow, safety-first approach. 

Where is the Next Generation of CISO coming from, and how are they to get the opportunity to demonstrate that they have the capabilities required to fill some of these roles? We still have a job to do by way of education and outreach, to let employers and recruiters know what you get when you have competent information security professional such as an M.Inst.ISP on the team, and what such accreditations means in terms of the rigour and process of competence assessment – proof that these candidates could do the job.

The upside is that there are still several of these positions to be filled, and indeed some of the successful candidates will leave a new vacancy in their wake.  If it is possible to demonstrate strong competence and a clear track record, there are opportunities for upcoming information security professionals to break through this glass ceiling, even in a recession.

Gerry O’Neill

Delicious

Digg

Reddit

Facebook

StumbleUpon