New (ISC)²® Career Impact Survey Identifies U.S. Federal Government as a Field of Promise for Skilled, Experienced Information Security Professionals

Share Article

The Double-Edged Sword: Career Opportunities Spike While Hiring Challenges Grow

"Information security professionals with the right mix of knowledge and experience remain in high demand by government hiring managers, but qualified candidates are hard to come by as agencies try to build their security teams,” said W. Hord Tipton.

According to the 2012 Career Impact Survey released today by (ISC)²® (“ISC-squared”), the world’s largest information security professional body and administrators of the CISSP®, the federal government employment market for information security professionals represents both significant stability and opportunity for those currently in the field. Highly trained and experienced information security professionals already in federal jobs say they are experiencing nearly full employment, coupled with career advancement opportunities and salary increases in 2011. Conversely, those responsible for hiring are finding it difficult to locate new recruits with the right skills to meet their agencies’ cyber security needs, presenting a continued challenge for the cyber security workforce.

Results of the survey found that approximately 97 percent of the 545 federal government information security professionals are currently employed, and only 8 percent were unemployed at any point in 2011. Federal respondents also reported experiencing upward career mobility last year, with 62 percent receiving a salary increase in 2011 and 48 percent expecting a salary increase in 2012. Further, of the 60 percent who changed jobs last year, 43 percent did so to pursue advancement opportunities, and 31 percent because of personal preference.

The Career Impact Survey, now in its third year and conducted by (ISC)2, which has over 80,000 members in 135 countries, tracks the impact of the economic climate on cyber security salaries, hiring outlook, budgets, threats and more. More than 2,250 information security professionals worldwide participated, including 545 information security professionals in U.S. federal government agencies.

Other key federal-specific findings from (ISC)²’s 2012 Career Impact Survey include:

  •     83 percent of federal hiring managers say that it is extremely difficult to find and hire qualified candidates.
  •     The top three skills federal hiring managers are looking for are certification and accreditation (68 percent), operations security (55 percent), and telecommunications and network security (53 percent).
  •     Federal respondents rated the following initiatives as the least successful when measuring the success of the government’s hiring methods: dedicated programs such as the US Cyber Corps, recruiting from specific colleges and job fairs.
  •     Federal respondents reported the top three security risks in 2011 as attacks against an agency’s systems/infrastructure (39 percent), increased risk due to mobile devices (27 percent), and targeted attacks against personnel (13 percent).

“The federal results from our latest Career Impact Survey validate the persistence of our national cyber security workforce challenges: information security professionals with the right mix of knowledge and experience remain in high demand by government hiring managers, but qualified candidates are hard to come by as agencies try to build their security teams,” said W. Hord Tipton, CISSP-ISSEP, CAP, CISA, executive director of (ISC)² and former CIO of the U.S. Department of the Interior. “While decreasing budgets are a key factor in this hiring challenge, these results reinforce the need for a distinct career path in this field and a definition of roles in order to make it easier for hiring managers to find and place candidates with the right qualifications. They also demonstrate that the government’s existing methods to fill the pipeline are not working.”

The (ISC)² 2012 Career Impact Survey was conducted from December 2011 to January 2012, with 2,256 respondents globally to gain insights into how economic conditions and security threats affected the information security profession in 2011 and to gauge the 2012 outlook. The most common sectors represented were government at 28.9 percent; information technology at 28.5 percent; professional services at 18.2 percent; banking at 11.3 percent, and telecommunications at 9.9 percent. The majority of respondents’ organizations had over 1,000 employees. 23 percent of respondents work as security managers for their agencies. With the help of these survey respondents, (ISC)² is identifying important workforce trends in an effort to help solve the global cyber security workforce crisis.

(ISC)² conducts research regularly to gain insight into the state of the information security workforce and offers support for its certified members seeking employment and career enhancement, including free resume posting and job alerts on its Career Tools site ( Employers can post jobs and search resumes for free as well, giving them a direct line to an audience of qualified information security professionals.

Aggregate results for the (ISC)² 2012 Career Impact Survey can be found at:

About (ISC)2
(ISC)² is the largest not-for-profit membership body of certified information security professionals worldwide, with over 80,000 members in more than 135 countries.    Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSPÒ) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLPÒ), Certified Authorization Professional (CAPÒ), and Systems Security Certified Practitioner (SSCPÒ) credentials to qualifying candidates. (ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information security topics. More information is available at

© 2012, (ISC)² Inc. (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks of (ISC)², Inc.

Follow (ISC)² on Facebook, Twitter and YouTube.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Courtney Beveridge