Workers in the IT security field are in great demand, but companies often don’t invest in them until after a crisis strikes.
Workers in the IT security field are in great demand, but companies often don’t invest in them until after a crisis strikes.

The continuing jobs crisis regarding the availability of quality IT security professionals can be summed up with an old adage: Penny wise, pound foolish. That's because workers in the field are in greater demand than ever before, but companies often don't invest in them until after a crisis strikes.

According to specialized recruiters, the talent dearth – especially true in the private sector – lies with a general failure to make security an utmost priority within organizations to develop and retain skilled experts charged to protect the family jewels. Sadly, corporations usually wait until they're hacked and then overpay for outside consultants, rather than prepare proactively in-house for the real possibility – let's say inevitability – they might be a target for a major breach. Experts with whom we spoke concur that better recruitment at the university level may improve the future situation, which these days increasingly includes going overseas for qualified candidates. Moreover, it behooves the industry to promote IT security as a hot, well-paying career to young computer/mobile.

According to specialized recruiters, the talent dearth lies with a general failure to make security an utmost priority to develop and retain skilled experts charged to protect the family jewels. Unfortunately, corporations usually wait until they're hacked and then overpay for outside consultants, rather than prepare proactively in-house for the real possibility – or more accurately, inevitability – they might be a target for a major breach. Experts by and large concur that better recruitment at the university level may improve the future situation, which these days increasingly includes going overseas for qualified candidates.

Moreover, it behooves the industry to promote IT security as a hot, well-paying career to young computer/mobile enthusiasts before they even graduate high school and, ideally, instill that philosophy within education curricula as early as possible. 

Besides revamping upper-and-lower education, Adam Malanaphy (left), managing director of Montclair, N.J.-based IT recruitment firm Glenmont Group, believes solving the shortage will take a change in public perception of the information security job market. “One way to bring this issue into the limelight is to pressure politicians to highlight the demand for skills in information security,” he says. Introducing specialized courses at STEM high schools is an initial step that will pay off in the future, says Malanaphy, whose firm is actively working on around 125 open positions, of which about 20 percent are in information security. 

In order to satiate the more immediate need, Malanaphy advises making available more certifications at U.S. colleges and universities, with special emphasis on guidance departments to understand the viability of the job market. “Internal recruiters should focus their time on key universities offering advanced degrees,” Malanaphy says. He admits that at his firm the focus is not on recent grads, but on candidates who are currently working in these positions. Education and experience are not equal in the real world.

“When a society becomes too focused on passing a test, as opposed to actually doing stuff, then you have a real problem,” says Lee Kushner, president of LJ Kushner & Associates, a Freehold, N.J.-based executive search firm specializing in the information security industry. “Information security is more of a learned skill. Certified is not qualified. That is really the wrong way of looking at this problem.” Kushner squarely places the blame on HR departments that historically have not given information security the respect it deserves – and absolutely requires at this juncture. He's seeing HR departments combining roles – choosing from applications, security, engineering, development and architecture – into one position.