For this year's SC Magazine Salary and Career Survey, we touched base with a large number of industry players. And, as you can imagine, in speaking with so many different people we weren't able to fit in everything. But, generally, folks thought our findings jibed with what they're experiencing.
Since most of our conversations began with questions of salary, they eventually veered toward general budget allocation for security, especially given the economy's lack of buoyancy right now. Anecdotally, I've heard plenty of scary tales about IT security-specific budgets getting slammed. However, in interviews for this piece, the consensus was that the flow of dollars dedicated to information security is staying steady or, in some happy cases, increasing. Nonetheless, given an expectation of a continuous downturn in the economy, security funds will feel the pain – if they're not already experiencing some small stings now.
And while financial planning for security is still a challenge – one that is likely to get more taxing as enterprises review where else costs can be cut during a prolonged economic slump – what still lingers as the number one trial for most information security leaders is getting risk management controls to be embedded into organizations' everyday business plans. Without cohesive strategies guiding them, divisional budgets can get hit, even during bullish periods. One way to help here is clearly delineating your position in the organization.
As this year's survey shows, business leaders are appreciating that IT security must be part of their overall organizational structure. Indeed, it's critical to the business. What this means to you is that the leadership role you play is vital to the company. And while it might take some effort from bosses to fully embrace this concept and all it means, compelling them and your colleagues to do so requires some finesse and follow-through on your part.
As you read about the results of this year's Salary Survey, remember that you must approach your day-to-day tasks collaboratively and strategically. All the information security endeavors you undertake must always tie back into the business projects they're supporting and the potential profits that could be gained from their success. Adopting this kind of vision may very well boost your company's earnings, showcase your contributions to enhancing overall profits, reinforce the importance of your function to the business, and fuel your own future career prospects.
Illena Armstrong is editor-in-chief of SC Magazine.