Never Look Again!

Is There Such Thing As An Unfillable Security Job?

Yes there is.  Over the past couple of years and more specifically since the first bank failure in 2008, many security jobs have surfaced  that realistically can’t be filled

When was the last time you ran into an information security professional who had expertise in SAP Security and Identity Management?  Sure, there is someone out there who has this unique mix of difficult to find skill sets but can you imagine filling such a job for $75,000 in Southern California? Seriously, I received a call and a job description like this from a company in Southern California within the past 12 months.

Information Security Threats are not diminishing. However, companies are doing what they can to hire fewer people to protect their digital and intellectual property.  They’re rolling the dice. When you see a job description that asks for so many skills that you find yourself thinking you’ve just read 3-5 job requirements, there is nothing wrong with your eyes. Employers today are regularly trying to get more for less when they hire.

Recently, a Security Architect professional called me and shared a story of his face-to-face visit to an employer to discuss a Security Architect position. On the East Coast,in a high cost of living location, this Security Architect is earning in the $150,000 range. In the city where he invested his time to fly to for an interview, the employer wanted him but wanted him for a salary of $85,000. I wasn’t involved in this recruiting process.   This hire didn’t happen.

I’ve researched this employer and the position the security job candidate interviewed for. The security job is designed to consolidate the work of several security skilled professionals into one role and it is severely underpriced for the market where the company does business. Unless the hiring expectations change, the job will go unfilled or the employer will have to compromise significantly to get someone on board.

Sometimes, employers simply don’t know how to build security job descriptions. Sometimes they build a strong description but then they hang the wrong price tag on the description.   I’m convinced that there are many times when a job description is created out of the ashes of 3+ older descriptions connected to 3+ people who are no longer with the company.  What the employer is trying to do in this case is to get the job done through one person without  paying for the skills of three people. Looks like a roll of the dice to me.

Whether current hiring trends are right or wrong isn’t my argument.  What I’m sure of is that information security professionals today have to become well-rounded and deeply skilled  if they’re going to have a chance of matching up to the expectations many employers are placing on the  cyber security job candidates and technology risk management job candidates they choose  to interview.