Key findings from the study include:
- The IT security jobs market will be 40 percent vacant in 2014. Furthermore, 58 percent of jobs at the supervisory level remain unfilled, with 56 percent of organizations surveyed reporting that they do not have a chief information security officer (CISO) as part of their C-suite.
- IT security professionals don’t have a clear professional development track. Only 32 percent of organizations view IT security as a career path, which may discourage candidates from entering the field.
- Degree programs are important for IT security candidates. The completion of a recognized college or graduate-level degree program is important to the hiring process for 84 percent of organizations—and essential to 14 percent.
- Hiring packages may be missing features needed to attract quality candidates. Fifty-one percent of IT security employees are paid more than other IT employees—yet 43 percent of respondents indicated that the main reason for high vacancy rates in security is the inability for organizations to offer a competitive salary.
- Senior IT security jobs are difficult to fill, leaving organizations with a lack of highly skilled security professionals. On average, it takes five months to fill a staff-level position, but it takes nine months to a year to fill a senior-level position.
- On average, women only make up 20 percent of the information security workforce. The Ponemon Institute has tracked female IT security survey respondents since 2005, and has only seen an 8 percent increase:"