Reshaped IT budgets, showing increased spending and changed priorities, reflect the fears and awareness of cyberterrorism in an age of insecurity.
The increased focus on security and infrastructure integrity is also reflected in the rising demand and salaries for IT security professionals.
Figures released in both Australia and the US show salaries for security positions increased up to three per cent in 2001, while salaries in other areas such as e-commerce and Lotus Notes remained flat due to the current economy.
According to the Quarterly IT Professional Salary Survey and Third Quarter Hot Technical Skills and Certifications Pay Index, conducted by Foote Partners, IT security skills are hot and Eddie Lui, recruitment agency manager at Robert Walters, said September 11 has added a sense of urgency to the network security agenda.
Lui said companies' need to review and implement processes in line with the revised infrastructure models now in place is driving demand for IT security skills.
"Infrastructure security is seen as a priority to many organisations which have undergone drastic internal changes to their business and systems. As businesses rationalise their IT infrastructure in cost optimisation exercises, new development projects and upgrades are put on hold with monies spent only on justifiable essentials," Lui said.
Glenn Floyd, CEO of the Institute of Online Security, said there is a strong case to support IT security professionals demanding and commanding high salaries, particularly within consultancies such as the Big Five.
Floyd said some specialists can command up to $3000 to $4000 a day.
According to Floyd, companies need to train non-IT staff in risk awareness as "it is the non-IT users who are at risk and cause the greatest failures".
"These people spend more time than IT people exposing the risks. They are accessing the Internet, opening e-mails which could contain viruses, and are dealing with the business itself, whereas IT people are dealing with machines," he said.
According to Reefe Brighton, CIO at Aurora Energy, the real or potential threat for cyber crime directed specifically at their company is a concern for IT managers.
"Each company now needs to re-think its threat profile on the basis of questions like: Are we an important part of state infrastructure?, Are we an icon of America and her allies and hence subject to cyberterrorism?, Are there other types of extremist groups which could take offence at our company over other issues like the environment or, for example, logging?"
According to the US surveys, four out of six security employees earn more than $US100,000 in total compensation.
Between the third quarter of 2000 and the third quarter of 2001, pay for senior information security analysts increased by 13.5 per cent, and pay for corporate information security directors increased 10.6 per cent. Pay for manager-level corporate security positions and Web and e-commerce security managers increased seven per cent.
The US survey indicated the top IT skills over the next 12 to 24 months include expertise in remote and wireless access, authorisation and authentication, B2B exchanges, privacy, cryptology and risk management.
Profile of IT security professional
According to Eddie Lui, manager, permanent IT commerce, Robert Walters incorporating Dunhill Management Services, the profile of a highly desirable candidate would be an individual who:
- has a thorough understanding of the different layers of the OSI model and the newer IP protocols.
- be able to provide broad-based solutions involving IDS and PKI.
According to Eddie Lui, manager, permanent IT commerce, Robert Walters incorporating Dunhill Management Services, the range of pay for IT security professionals is $85,000 to $220,000, with $110,000 to $120,000 the approximate average.
"These are people with solid security as their primary skill set and not generic administrators who support firewalls as part of their role," Lui said.
He said professionals with a proven track record of delivering security solutions and understanding the requirements of the business will command the higher levels of income.
"When measured against the potential impact to the business should a fatal security incident occur, their salaries are justifiable," Lui said.